To whom it may concern,

I recall reading somewhere some best practices for creating one's initial RSA 
key pair that they intend for building their Web of Trust. I think the 
recommended steps were:

1. Find a computer that you think is relatively free of malware
2. Download a Live Linux distro CD/DVD/USB, and verify its signatures to make 
sure you are not installing a tainted version
3. Launch the verified Linux distro. 
4. Use GnuPG to create private RSA key, and two subkeys (signing & encrypting)
5. Strip the master private key from the keychain, saving on an encrypted 
medium (e.g., encrypted USB stick)
6. Create necessary revocation certificates, also save on encrypted USB stick
7. Copy over GnuPG keychain without master private key to work computer, 
personal laptop, etc.
8. Store encrypted USB stick somewhere safe

Can people comment on what I recalled correctly, and what needs to be 
added/modified?

Thanks,

~T 

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
