[ale] GPG Key Creation Question
Jonathan Rickman
jonathan at xcorps.net
Mon Nov 3 11:12:46 EST 2003
On Friday 31 October 2003 11:15, Jonathan Glass wrote:
> If I create a public/private key pair with no passphrase, then use the
> public key to encrypt, and remove the private key from the machine,
> what are the odds of compromise?
With no private key on the machine, nil.
> I'm trying to encrypt personal information from a web form. I was
> thinking about using the public key on the submission/validation page
> to encrypt the information, then inserting the encrypted text into the
> MySQL db. Then, on the management screen, I'd have a place for the
> administrator to upload the private key (from a USB key-chain drive, or
> CD) for the decryption. Does this sound like a good or bad idea?
Actually, it sounds like a great idea...just beware lingering bits of the
private key in swap and temp space. I think gpg prevents that anyway but
it wouldn't hurt to read up on it.
--
Jonathan Rickman
Key ID: 0DF501FF
More information about the Ale
mailing list