How to protect private keys?
nixclusive0 at gmail.com
Fri Apr 13 11:06:35 CEST 2007
The private keys are encrypted even in exported form. Anyone who can grab your private key
will need your passphrase to decrypt it. By default, GnuPG uses the cipher CAST5 to encrypt
private keys. You can change that with the --s2k-* options. However, for a hacker, having
something to decrypt or maybe brute force it is much better than having nothing at all.
Keeping this in mind, try to keep your private keys private. Like keep them in a portable
USB key or something similar.
More information about the Gnupg-users