cannot export key

Neil Williams
Mon Jun 30 20:00:02 2003

On Monday 30 Jun 2003 4:23 am, David Shaw wrote:
> On Sun, Jun 29, 2003 at 08:52:08PM +0100, Neil Williams wrote:
> > Backups???  I suppose I'm lucky with multiple installations, I end
> > up with several working backups. What is the 'recommended' way to
> > back up secring.gpg? ( seems to not want to respond to
> > me tonight.)
> cp .gnupg/secring.gpg /backup/secring.gpg
> ;)

So that relies on the security of the backup medium. I can't protect it by
making it chmod 400 chown root.<any> because if the media is stolen, any root
user can read the file and therefore import it. A thief would still need to
crack the passphrase of the key to use it. I can't see my data being worth
the effort of a brute force passphrase attack but that doesn't mean it can
never happen.

I can't encrypt it because that leads to the chicken/egg syndrome - can't
decrypt it because I haven't got the secret key, can't get the secret key
'cos I can't decrypt it.

I can use GnuPG to protect the backup itself, (if I have data that I wanted
protected, just make a tarball and encrypt it) but GnuPG in turn relies on
the chosen passphrase.

If I change passphrases from time to time and imported the most recent
secring.gpg, am I right to think that I could decrypt older archives that
were encrypted with the same key but under an older passphrase?


Neil Williams

