cannot export key
Neil Williams
linux@codehelp.co.uk
Mon Jun 30 20:00:02 2003
--Boundary-02=_csHA/0oe3OPMyB6
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Description: signed data
Content-Disposition: inline
On Monday 30 Jun 2003 4:23 am, David Shaw wrote:
> On Sun, Jun 29, 2003 at 08:52:08PM +0100, Neil Williams wrote:
> > Backups??? I suppose I'm lucky with multiple installations, I end
> > up with several working backups. What is the 'recommended' way to
> > back up secring.gpg? (www.gnupg.org seems to not want to respond to
> > me tonight.)
>
> cp .gnupg/secring.gpg /backup/secring.gpg
>
> ;)
So that relies on the security of the backup medium. I can't protect it by=
=20
making it chmod 400 chown root.<any> because if the media is stolen, any ro=
ot=20
user can read the file and therefore import it. A thief would still need to=
=20
crack the passphrase of the key to use it. I can't see my data being worth=
=20
the effort of a brute force passphrase attack but that doesn't mean it can=
=20
never happen.=20
I can't encrypt it because that leads to the chicken/egg syndrome - can't=20
decrypt it because I haven't got the secret key, can't get the secret key=20
'cos I can't decrypt it.
I can use GnuPG to protect the backup itself, (if I have data that I wanted=
=20
protected, just make a tarball and encrypt it) but GnuPG in turn relies on=
=20
the chosen passphrase.
If I change passphrases from time to time and imported the most recent=20
secring.gpg, am I right to think that I could decrypt older archives that=20
were encrypted with the same key but under an older passphrase?
=2D-=20
Neil Williams
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
http://www.codehelp.co.uk
http://www.dclug.org.uk
http://www.wewantbroadband.co.uk/
--Boundary-02=_csHA/0oe3OPMyB6
Content-Type: application/pgp-signature
Content-Description: signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQA/AHsciAEJSii8s+MRAsMsAJ9ua9oHQ6WXMmXg7ExCVDG6JCJhCgCfVh4q
aKCjr2VrBStKFYGrlFrvvV4=
=Kawi
-----END PGP SIGNATURE-----
--Boundary-02=_csHA/0oe3OPMyB6--