Important
As of today (2024/04/03), this article is a WIP.
Dos and don’ts
Do’s
- Always back up your key on an encrypted device that is stored safely;
- Generate subkeys for daily activity (signing, encryption, authentication); a compromised subkey can be revoked and replaced easily, without giving up the identity bound to the primary key;
- Try to store your primary key offline on an encrypted device; the primary key is then only needed to add or revoke subkeys and user IDs;
- Consider generating a revocation certificate that you'll print and store safely; it is the only way to invalidate the key if you lose control of your primary key;
- If you create a shared key (e.g. a GNU/Linux distribution release signing key or the release signing key of a FOSS project), have a clear and shared key management policy. Ideally the primary key should be offline and as inaccessible as is humanly possible without creating unwarranted privileges for some persons in the sharing group;
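The Do's above are a procedure, so here is the whole of it typed out for gpg 2.1 or newer, as an added example that is not part of the original article: a certify-only primary key, one subkey per daily task, the revocation certificate gpg writes at generation time, a full backup destined for the offline device, and a daily keyring that keeps only the subkeys yet still signs. Everything runs in a throwaway GNUPGHOME; the user ID is constructed and the keys are left without a passphrase purely so the script runs unattended (real keys get a strong passphrase).

```shell
#!/usr/bin/env bash
# Added example, not from the article: offline primary key + daily subkeys with gpg 2.1+.
# Assumptions: gpg >= 2.1 is installed, the identity below is fictitious, and the
# demo keys carry no passphrase so that --batch works without a pinentry.
set -euo pipefail

command -v gpg >/dev/null 2>&1 || { echo "gpg not installed, nothing to demonstrate" >&2; exit 0; }
case "$(gpg --version | awk 'NR==1 {print $3}')" in
  2.[1-9]*|[3-9].*) ;;
  *) echo "needs gpg >= 2.1 for the --quick-* commands" >&2; exit 0 ;;
esac

WORK="$(mktemp -d)"
export GNUPGHOME="$WORK/gnupg"                 # throwaway keyring, never the real one
mkdir -m 700 "$GNUPGHOME"
echo allow-loopback-pinentry > "$GNUPGHOME/gpg-agent.conf"   # lets --passphrase work unattended
trap 'gpgconf --kill gpg-agent 2>/dev/null || true; rm -rf "$WORK"' EXIT

UID_STR="Example Maintainer <maintainer@example.invalid>"    # constructed identity
gpgq() { gpg --batch --yes --pinentry-mode loopback --passphrase '' "$@"; }   # demo: empty passphrase

# 1. Primary key that can only certify: it adds/revokes subkeys and user IDs and does
#    nothing else, which is what makes it possible to keep it offline.
gpgq --quick-generate-key "$UID_STR" ed25519 cert 2y
FPR="$(gpg --batch --with-colons --list-keys "$UID_STR" | awk -F: '$1 == "fpr" {print $10; exit}')"

# 2. One subkey per daily task; each can be revoked or rotated without touching the primary key.
gpgq --quick-add-key "$FPR" ed25519 sign 1y
gpgq --quick-add-key "$FPR" cv25519 encr 1y
gpgq --quick-add-key "$FPR" ed25519 auth 1y

# 3. gpg 2.1+ writes a revocation certificate during key generation; this is the file to print.
revocation_cert() { printf '%s\n' "$GNUPGHOME/openpgp-revocs.d/$1.rev"; }

# 4. Complete secret material: only this copy belongs on the encrypted offline device.
gpgq --armor --export-secret-keys "$FPR" > "$WORK/primary-and-subkeys.asc"

# 5. The daily machine keeps the subkeys only: export them, wipe all secret keys, re-import.
gpgq --armor --export-secret-subkeys "$FPR" > "$WORK/subkeys-only.asc"
gpg --batch --yes --delete-secret-keys "$FPR"
gpg --batch --import "$WORK/subkeys-only.asc"

# In --with-colons output, field 15 of the 'sec' record is '#' when the primary secret key is absent.
primary_secret_status() { gpg --batch --with-colons --list-secret-keys "$1" | awk -F: '$1 == "sec" {print $15; exit}'; }
secret_subkey_count()   { gpg --batch --with-colons --list-secret-keys "$1" | awk -F: '$1 == "ssb"' | wc -l | tr -d ' '; }

# The daily keyring still signs: gpg picks the signing subkey even though the primary key is gone.
sign_and_verify() {
  printf 'release tarball bytes\n' > "$WORK/artifact"          # constructed artifact
  gpgq --local-user "$1" --detach-sign --output "$WORK/artifact.sig" "$WORK/artifact"
  gpg --batch --verify "$WORK/artifact.sig" "$WORK/artifact" 2>/dev/null
}

echo "primary key status: $(primary_secret_status "$FPR")   (# means the secret part is not here)"
echo "secret subkeys on this machine: $(secret_subkey_count "$FPR")"
echo "revocation certificate to print: $(revocation_cert "$FPR")"
sign_and_verify "$FPR" && echo "signature made with the subkey verifies"
```

The `sec#` marker is the check to run on any daily-use machine: if it reads `sec` without the `#`, the primary secret key is still on that box and the "offline" goal has not been met. The full export from step 4 and the printed `.rev` file are the two artefacts that go to safe storage; the subkeys-only export is the only thing that should ever be copied to a workstation.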
Don’ts
- Don't share your personal private key material with anyone;
- Seriously, don't do that, and don't assume that the PGP key handling in ProtonMail is a safe place for it either (most FOSS projects won't extend trust to a personal key that its holder doesn't exclusively own and manage);
- If you manage a shared private key (a distribution release signing key or anything else), never deviate from the key management policy set up collectively;