cannot export key

Neil Williams linux@codehelp.co.uk
Mon Jun 30 20:00:02 2003


On Monday 30 Jun 2003 4:23 am, David Shaw wrote:
> On Sun, Jun 29, 2003 at 08:52:08PM +0100, Neil Williams wrote:
> > Backups???  I suppose I'm lucky with multiple installations, I end
> > up with several working backups. What is the 'recommended' way to
> > back up secring.gpg? (www.gnupg.org seems to not want to respond to
> > me tonight.)
>
> cp .gnupg/secring.gpg /backup/secring.gpg
>
> ;)

So that relies on the security of the backup medium. I can't protect it by
making it chmod 400 chown root.<any> because if the media is stolen, any root
user can read the file and therefore import it. A thief would still need to
crack the passphrase of the key to use it. I can't see my data being worth
the effort of a brute force passphrase attack but that doesn't mean it can
never happen.

I can't encrypt it because that leads to the chicken/egg syndrome - can't
decrypt it because I haven't got the secret key, can't get the secret key
'cos I can't decrypt it.

I can use GnuPG to protect the backup itself, (if I have data that I wanted
protected, just make a tarball and encrypt it) but GnuPG in turn relies on
the chosen passphrase.

If I change passphrases from time to time and imported the most recent
secring.gpg, am I right to think that I could decrypt older archives that
were encrypted with the same key but under an older passphrase?

--

Neil Williams
=============
http://www.codehelp.co.uk
http://www.dclug.org.uk

http://www.wewantbroadband.co.uk/

