PKI Pitfalls
Getting a corrupt public key
- Always check the fingerprint, e.g.
3DAD 8435 DB52 F17B 640F D78C 8260 0CC1 0B75 8265
- By phone call, or face-to-face verification
Not keeping your private key secure
- Secure your machine
- Use a strong passphrase (not just a password)
Key mismanagement
- Always issue a revocation certificate
- Set expiry date before the next Ice Age
Notes:
If someone manages to grab your private key (e.g. by getting access to your hard drive), they still have to guess or brute-force the passphrase. So it had better be good!
Key litter (stale keys that can no longer be revoked) is very common, because people don't know what they're doing when they start using PKI. Always create a revocation certificate, otherwise you are bound to find yourself in the unpleasant situation of being unable to deactivate a key you no longer wish to use!
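The fingerprint check from the first slide item, as an added example that is not part of the original slides: it shows what an OpenPGP v4 fingerprint is actually computed from (RFC 4880 sections 5.5.2 and 12.2), so a key whose material was altered in transit produces a different fingerprint than the one confirmed by phone or in person. The key material and creation time below are constructed sample values, not a real key.

```python
import hashlib
import hmac
import struct

# Constructed sample key material (NOT a real key): a small RSA-style
# modulus and exponent, only to show how the v4 fingerprint is derived.
SAMPLE_N = 0xC0FFEE1234567890ABCDEF
SAMPLE_E = 0x010001
SAMPLE_CREATED = 1700000000  # constructed creation timestamp (seconds since epoch)


def mpi(value: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: 2-byte bit length, then big-endian bytes."""
    nbytes = (value.bit_length() + 7) // 8
    return struct.pack(">H", value.bit_length()) + value.to_bytes(nbytes, "big")


def v4_public_key_body(n: int, e: int, created: int) -> bytes:
    """Body of a v4 RSA public-key packet: version 4, creation time, algo 1 (RSA), n, e."""
    return b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(e)


def v4_fingerprint(body: bytes) -> str:
    """SHA-1 over 0x99, the two-byte body length, and the body (RFC 4880 12.2)."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()


def normalize(fp: str) -> str:
    """Accept the fingerprint as read over the phone: any spacing, any case."""
    return "".join(fp.split()).upper()


def pretty(fp: str) -> str:
    """Render as the familiar groups of four hex digits."""
    fp = normalize(fp)
    return " ".join(fp[i:i + 4] for i in range(0, len(fp), 4))


def fingerprint_matches(expected: str, key_body: bytes) -> bool:
    """Compare the out-of-band fingerprint with the one derived from the received key."""
    return hmac.compare_digest(normalize(expected), v4_fingerprint(key_body))


def corrupted_copy(body: bytes, index: int) -> bytes:
    """Simulate a key altered in transit by flipping one bit of the packet body."""
    return body[:index] + bytes([body[index] ^ 0x01]) + body[index + 1:]


if __name__ == "__main__":
    body = v4_public_key_body(SAMPLE_N, SAMPLE_E, SAMPLE_CREATED)
    print("fingerprint:", pretty(v4_fingerprint(body)))
    print("corrupt key matches?", fingerprint_matches(v4_fingerprint(body), corrupted_copy(body, -3)))
```

With a real key, `gpg --fingerprint <key id>` prints the value to compare against the one you obtained out of band.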