how to get private key
Harvey Muller
hlmuller at yahoo.com
Thu Jul 3 20:59:43 CEST 2008
Naeem,
It's highly unlikely that an individual would be capable of stealing a secret key and using it to decrypt messages. A large corporation or government, maybe. Make your passphrases complex.
I'm a little cautious myself with my secret keys, so I use two hardware based approaches to ease my paranoia:
1. I use an openpgp card to keep my normal signing and encryption subkeys secure.
2. I keep my main secret key on a usb flash drive, along with backups of my secret subkeys, and public keys.
These are useful resources for further reading:
http://www.gnupg.org/howtos/card-howto/en/smartcard-howto.html
http://fortytwo.ch/gpg/subkeys
Best regards,
Harvey
----- Original Message ----
> From: "Afzal, Naeem M" <naeem.m.afzal at intel.com>
> To: "gnupg-users at gnupg.org" <gnupg-users at gnupg.org>
> Sent: Thursday, July 3, 2008 1:36:48 PM
> Subject: how to get private key
>
> Hi
>
> I have general question regarding private key security.
> If a user creates its private public key pair by using some passphrase on a
> system. Can this pair be taken to a different system and decrypt files that were
> generated using its public key? My guess is no, but needed to confirm with you
> guys. If it is possible, then how it will be done, any command to list private
> key etc. Also how can we protect where no one can steel this private key from a
> system other than restricting users access to the system?
>
> Thanks
> naeem
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
More information about the Gnupg-users
mailing list