GPG keys are the basis of the otc web of trust as I have very recently learned. Neat idea.
I know how to protect a gpg private key, I can keep the CIA, FBI and the whole alphabet soup from my gpg private key.
I agree people who don't understand just how private a private key must be guarded should not activate this advanced feature. But I don't have a non-encrypted storage device in my house.
Bitcoin itself depends on protection of private keys.
I am confident that I am the only one loggin in if:
- I must enter a password
- I must sign a 256 bit string of bytes using my registered key
I would of course have a password for that key that would never be defeated by a dictionary attack.
I think you should be able to configure just how locked down your identity should be from simple to cryptogeek.
Consider smart devices already exist that will use a private key for you but no reveal it. Chip-Pin credit cards use them. "Smartcards" can do this. Now you can use a bit of plastic with a built in signer, or a laptop, or a server cluster, or your smart phone.
What is your opinion on how safe your private key is on the chipped cards, smart phone apps, etc?
How do you keep your key secure from a virus on your system? I understand keeping the storage encrypted, but you have to decrypt the storage to use it, at which point the virus can also read it, no?
I think at one point MPOE-PR mentioned using QR codes to securely pass messages back and forth between an offline device and an online device, are you aware of any products that might facilitate this? (I'm thinking cell phone apps?)
Sorry about the 20 Q's. You seem pretty knowledgeable so I'm picking your brain a bit.
