How to protect private keys?
Joseph Oreste Bruni
jbruni at mac.com
Fri Apr 13 06:01:00 CEST 2007
On Apr 12, 2007, at 8:50 PM, Robert J. Hansen wrote:
>> to export private keys, without need to enter passphrase. This is
>> dangerous to a multi-user computer.
> Clearly, you don't trust the computer you share with other users. So
> why, exactly, are you running GnuPG on it?
> Running GnuPG on a computer you don't trust is folly. If you don't
> have physical security over the machine, there is no possibility of
> electronic security in your communications.
> Beware of all other answers you receive to this question. Before you
> try to fix the "GnuPG problem", fix the much bigger and more pressing
> problem about how you're trying to run security-critical software on
> a computer you don't physically control.
Indeed. A more pressing question is who has "root" access to the
system. If any of the users with root access replace the gpg
executable, then any private key can be compromised.
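An added example, not part of the original post: a Python check that walks from an executable up to the filesystem root and reports every point where an account other than root could swap the file. The names `replaceable_by` and `demo` are hypothetical and the test layout is constructed; the check says nothing about root itself, who can replace the binary or this script.

```python
import os
import stat
import tempfile

def replaceable_by(path, trusted_uids=(0,)):
    """Return (component, reason) pairs for every point on the resolved path
    where an account outside trusted_uids could swap the executable."""
    findings = []
    current = os.path.realpath(path)  # follow symlinks to the real file
    while True:
        st = os.stat(current)
        is_dir = stat.S_ISDIR(st.st_mode)
        if st.st_uid not in trusted_uids:
            findings.append((current, f"owned by uid {st.st_uid}"))
        loose = st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
        # A sticky directory (e.g. /tmp) stops non-owners renaming others' files.
        if loose and not (is_dir and st.st_mode & stat.S_ISVTX):
            mode = stat.S_IMODE(st.st_mode)
            findings.append((current, f"group/world writable, mode {mode:o}"))
        parent = os.path.dirname(current)
        if parent == current:  # reached the filesystem root
            return findings
        current = parent

def demo():
    """Constructed layout: a stand-in 'gpg' file in a world-writable bin dir."""
    root = os.path.realpath(tempfile.mkdtemp())
    bindir = os.path.join(root, "bin")
    os.mkdir(bindir)
    fake = os.path.join(bindir, "gpg")
    with open(fake, "w") as f:
        f.write("#!/bin/sh\n")
    os.chmod(fake, 0o755)
    os.chmod(bindir, 0o777)  # the weak setting the check should report
    # Assumption for the demo only: the current user counts as trusted.
    return fake, bindir, replaceable_by(fake, trusted_uids=(0, os.getuid()))

if __name__ == "__main__":
    import shutil
    target = shutil.which("gpg")
    for where, why in (replaceable_by(target) if target else []):
        print(where, why)
```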