How to protect private keys
John W. Moore III
jmoore3rd at bellsouth.net
Fri Apr 13 06:00:48 CEST 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Moses wrote:
> My question sound dumb
Nonsense; the only 'dumb' Question is the one not asked!
> How to better protect private keys of GPG users?
Some folks 'protect' themselves from this by storing their Keyrings on
removable media. (USB Memory stick, etc.)
The built-in protection for this is the use of a very secure passphrase.
By using a passphrase hardened against Social Engineering and
Dictionary attack; then even if Your 'Secret Key' falls into the wrong
hands You are reasonably protected from compromise. Of course, if You
are involved in situations where torture may be implemented to force You
to divulge the passphrase; then harden yourself or throw yourself under
a bus if capture is imminent. :-\
JOHN ;)
Timestamp: Thursday 12 Apr 2007, 23:58 --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8-svn4471: (MingW32)
Comment: Public Key at: http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: http://www.gswot.org
Comment: My Homepage: http://tinyurl.com/yzhbhx
iQEcBAEBCgAGBQJGHwBuAAoJEBCGy9eAtCsPEeoH/19db9eV9ZazbkgvAKv79eJv
sJMdjztzdiqRLpWe16IWfnih/evXj7WM2/y9uSF0QF4wi4Lf5hGO4SkEoW/S6v6D
6A71FJXCtM72GUDbQi2L8DVCkTPfKMaJWZYLNeo/w9l1vdTkAVDHz4m0/LFbWm2O
fDeTgwA9MF0AsZmj1RM1DlQ/xv/Qta3PAP4kBKTbXYRR8mTj9VoYbuON8NcrTs8u
wP96GOuNGCri8yFaVfCsck64TdfEBYFiIqUgSfmIru8htiURDATx0gxI0b4dmYfA
hHom/Nm7947mVvVKnT2hxI7OduRp2tPXA5NKFp96zqr93+CS+swolQw8Go2f0HQ=
=0e+D
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list