• sudneo@lemm.ee · ↑ 6 · 4 months ago

    > You upload your private key to the cloud. Encrypted or not, this is a bad idea.

    An encrypted key is a useless blob. What matters is the decryption key for that key, which is your password (or a key derived from it, I assume), which is client side.

    > They can do the signing and encryption with my public key

    They can’t sign with your public key. Signing is done using your private one, otherwise nobody can verify the signature.

    Either way:

    > and then I’ll do the decryption with my own private key locally without them storing it.

    You can do it using the bridge, exactly like you would with any client-side tooling.
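The custody model the comment describes (the server holds only a password-wrapped private key, the password and the derived key stay on the client), as an added stand-alone example in Go using only the standard library; it is not code from the thread or from any provider. Function names, the 16-byte salt / 12-byte nonce layout and the iteration count are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// deriveKey is PBKDF2-HMAC-SHA256 (one 32-byte block), written inline to stay stdlib-only.
// It runs on the client from the password, so the resulting key never reaches the server.
func deriveKey(password, salt []byte) []byte {
	mac := hmac.New(sha256.New, password)
	mac.Write(salt)
	mac.Write([]byte{0, 0, 0, 1}) // PBKDF2 block index 1
	u := mac.Sum(nil)
	key := append([]byte(nil), u...)
	for i := 1; i < 100000; i++ { // iteration count is a constructed value for this example
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range key { key[j] ^= u[j] }
	}
	return key
}

// gcmFor builds the AEAD that wraps the private key under the password-derived key.
func gcmFor(password string, salt []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(deriveKey([]byte(password), salt))
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// SealPrivateKey is the client-side step before upload: salt || nonce || AES-GCM(privateKey).
// The server stores this blob but never sees the password, so the blob is useless to it.
func SealPrivateKey(password string, priv ed25519.PrivateKey) ([]byte, error) {
	hdr := make([]byte, 28) // 16-byte salt followed by 12-byte nonce
	if _, err := rand.Read(hdr); err != nil { return nil, err }
	gcm, err := gcmFor(password, hdr[:16])
	if err != nil { return nil, err }
	return append(hdr, gcm.Seal(nil, hdr[16:], priv, hdr[:16])...), nil
}

// OpenPrivateKey is the client-side decryption; a wrong password or a tampered blob fails
// the GCM tag check, so only the password holder ever gets the signing key back.
func OpenPrivateKey(password string, blob []byte) (ed25519.PrivateKey, error) {
	if len(blob) < 28+ed25519.PrivateKeySize+16 { return nil, errors.New("blob too short") }
	gcm, err := gcmFor(password, blob[:16])
	if err != nil { return nil, err }
	pt, err := gcm.Open(nil, blob[16:28], blob[28:], blob[:16])
	if err != nil { return nil, errors.New("wrong password or tampered blob") }
	return ed25519.PrivateKey(pt), nil
}
```

Signing then happens locally with the opened key via ed25519.Sign; the server, holding only the public key, can verify with ed25519.Verify but cannot produce a signature.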