Some questions

Werner Koch wk at gnupg.org
Fri Aug 8 16:52:03 CEST 2008


On Fri,  8 Aug 2008 12:59, dave.smith at st.com said:

> only by its owner?  Or maybe it's just there to discourage people from
> transporting secret keys around?

Right.  Moving the secret key in a public key system around is in
general not required and somewhat contradicts the whole point of public
key encryption.  If someone wants to move his secret key he should think
twice about it and prepare a proper plan on how to do this.

The passphrase used to protect the secret key is by no means a
sufficient protection compared to the public key system usually used.

The passphrase is just a way to make it harder to use a lost secret key.
It won't stop a well equipped attacker: The passphrase needs to have a
convenient length so it can be typed in quickly.  Almost nobody uses a
passphrase which equals a 128 bit random symmetric key.  Further,
entering the passphrase is subject to side channel attacks like shoulder
surfing or recording the sound of the keyboard.


Shalom-Salam,

   Werner


-- 
Thoughts are free.  Exceptions are regulated by a federal law.
