Secret key storage question

Gordon Worley redbird at
Tue Jun 18 17:20:01 CEST 2002

When secret keys are stored in GnuPG, how much does the passphrase 
protect them?

I'm trying to figure out a couple of things.  For example, if the 
passphrase is being used to keep the secret keys unreadable, then am I 
correct in thinking that your passphrase should be the same length as 
the key it's protecting so that a brute force attack on either would 
take just as long?  Also, if not, is the passphrase just a way of making 
sure the user really wants to do something (like sign a document) and 
didn't accidentally sign something that they shouldn't have?  And that a 
friendly person who the key's owner trusts doesn't `accidentally' sign 
something for the key's owner (in other words a party that wouldn't 
steal the key, but might make unauthorized use of it)?

Gordon Worley - Mac GPG Project              ``Doveriai no proveriai.''
redbird at                                --Russian proverb
PGP:  0xBBD3B003

