How to protect private keys?

nix nixclusive0 at
Fri Apr 13 11:06:35 CEST 2007

The private keys are encrypted even in exported form. Anyone who can grab your private key 
will need your passphrase to decrypt it. By default, GnuPG uses the cipher CAST5 to encrypt 
private keys. You can change that with the --s2k-* options. However, for a hacker, having 
something to decrypt or maybe brute force it is much better than having nothing at all. 
Keeping this in mind, try to keep your private keys private. Like keep them in a portable 
USB key or something similar.

More information about the Gnupg-users mailing list