... | ... | @@ -2,7 +2,7 @@ |
|
|
- Do not store the private key on a live system
|
|
|
- Use a dedicated hardware token (e.g. Nitrokey or YubiKey)
|
|
|
- Must be exclusive (not used for any other key)
|
|
|
- Backup of the generated key on at least one encrypted offline storage medium
|
|
|
- Backup of the generated key and revocation certificate on at least one encrypted offline storage medium
|
|
|
- Must be exclusive (not used for regular user data backups etc.)
|
|
|
|
|
|
# Generating a new key pair
|
... | ... | |
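Review bot: The changed backup bullet ("Backup of the generated key and revocation certificate on at least one encrypted offline storage medium") allows the private key backup and its revocation certificate to live on the same single medium, so losing or damaging that one medium loses both the key and the means to revoke it. Consider requiring the revocation certificate on a second, separate encrypted offline medium, or raising "at least one" to "at least two". The "Must be exclusive" sub-bullet under it could also state explicitly that it applies to the medium holding the revocation certificate as well.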