why we need passphrase

Faramir faramir.cl at gmail.com
Sat Jun 28 20:08:12 CEST 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Afzal, Naeem M wrote:
> Hi,
> 
> In order to understand GnuPG, I tried to create private keys on two ubuntu systems. Here are my steps and I would ask my question at the end as I need to show what I did.
> 
> 1. System A: Created private and public key by using 'gpg --gen-key' and then
>         gpg --export --armor --output userA.asc 'USER A'
> 
> 2. System B: Created private and public key by using 'gpg --gen-key' and then imported public key of userA
>         'gpg --import userA.asc'
> 
> 3. System B: encrypted a file for userA using userA's public key
>         gpg -o file_from_userB -r userA --encrypt file_to_encrypt
> 
> 4. System A: Tried to decrypt file_from_userB
>         gpg -o decrypted_file --decrypt file_from_userB
> At this point, it asks me to provide the passphrase of userA. Is it possible to avoid having to provide a passphrase at all? My understanding was that the file was encrypted with userA's credential to begin with, and userA should be able to decrypt it without providing any passphrase? How can I do this procedure where I don't have to provide a passphrase in decryption?


  Because the key itself is protected by a passphrase. You CAN remove
that protection, and you can even generate keys without passphrase.. but
the idea is, if you have to go to the bathroom, and someone else tries
to read your messages, or steal your key... the thief won't have much
luck, since if the passphrase is strong, he won't be able to activate the
key... unless the thief is lucky enough to "guess" the passphrase
hitting the keyboard randomly...

  A good passphrase would make a brute-force attack infeasible, it won't be
in any dictionary (so dictionary attacks won't work)... so, if you
remove the passphrase, you'll want to take extra measures to avoid
problems... but maybe you know nobody is going to touch your computer...

 Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

-----END PGP SIGNATURE-----
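
The point of the reply above, as an added example that is not part of the original post and not GnuPG's own code: a simplified Python model of a secret key stored under passphrase protection. PBKDF2 and the HMAC-based toy cipher stand in for OpenPGP's string-to-key and symmetric cipher; every name and sample value here is an assumption made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumption: illustrative work factor, not GnuPG's setting


def _derive(passphrase, salt):
    # Stretch the passphrase into an encryption key and a separate MAC key.
    dk = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS, dklen=64)
    return dk[:32], dk[32:]


def _keystream(key, n):
    # Toy stream cipher: HMAC-SHA256 in counter mode (illustration only).
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def protect(secret, passphrase):
    # What ends up on disk: salt, integrity tag, encrypted key material.
    salt = os.urandom(16)
    enc_key, mac_key = _derive(passphrase, salt)
    ct = bytes(a ^ b for a, b in zip(secret, _keystream(enc_key, len(secret))))
    tag = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    return salt + tag + ct


def unlock(blob, passphrase):
    # Only the right passphrase reproduces the keys that verify and decrypt.
    salt, tag, ct = blob[:16], blob[16:48], blob[48:]
    enc_key, mac_key = _derive(passphrase, salt)
    expected = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad passphrase")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, len(ct))))


if __name__ == "__main__":
    secret = b"constructed stand-in for userA's secret key material"
    stored = protect(secret, "constructed sample passphrase")
    print("copy of key file reveals secret:", secret in stored)
    print("owner unlocks:", unlock(stored, "constructed sample passphrase") == secret)
    try:
        unlock(stored, "guess typed at random")
    except ValueError as err:
        print("someone else at the keyboard:", err)
```

Storing `secret` as-is corresponds to a key without a passphrase: anyone who can read or copy the file can use the key directly.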
