why we need passphrase

Faramir faramir.cl at gmail.com
Sat Jun 28 20:08:12 CEST 2008

Afzal, Naeem M wrote:
> Hi,
> In order to understand GnuPG, I tried to create private keys on two Ubuntu systems. Here are my steps and I would ask my question at the end as I need to show what I did.
> 1. System A: Created private and public key by using 'gpg --gen-key' and then
>         'gpg --export --armor -o userA.asc "USER A"'
> 2. System B: Created private and public key by using 'gpg --gen-key' and then imported public key of userA
>         'gpg --import userA.asc'
> 3. System B: encrypted a file for userA using userA's public key
>         'gpg -o file_from_userB -r userA --encrypt file_to_encrypt'
> 4. System A: Tried to decrypt file_from_userB
>         'gpg -o decrypted_file --decrypt file_from_userB'
> At this point, it asks to provide passphrase of userA. Is it possible to avoid where I need to provide passphrase at all? My understanding was that the file was encrypted with userA's credential to begin with, and userA should be able to decrypt it without providing any passphrase? How can I do this procedure where I don't have to provide passphrase in decryption?

  Because the key itself is protected by a passphrase. You CAN remove
that protection, and you can even generate keys without passphrase... but
the idea is, if you have to go to the bathroom, and someone else tries
to read your messages, or steal your key... the thief won't have much
luck, since if the passphrase is strong, he won't be able to activate the
key... unless the thief is lucky enough to "guess" the passphrase
hitting the keyboard randomly...

  A good passphrase would make a brute-force attack infeasible, it won't be
in any dictionary (so dictionary attacks won't work)... so, if you
remove the passphrase, you'll want to take extra measures to avoid
problems... but maybe you know nobody is going to touch your computer...

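As an added illustration of the reply above (not part of the original message and not GnuPG's own code): OpenPGP's iterated and salted string-to-key function (RFC 4880, section 3.7.1.3) turns the passphrase into the symmetric key that locks the stored secret key, which is why decryption prompts for it. The salt, count, passphrases and the `unlocks` helper are constructed for this example; a real implementation decrypts the secret key material and verifies its checksum instead of comparing derived keys.

```python
import hashlib
import hmac


def decode_count(c: int) -> int:
    """RFC 4880 3.7.1.3: expand the one-octet coded count into octets to hash."""
    return (16 + (c & 15)) << ((c >> 4) + 6)


def s2k_iterated_salted(passphrase: bytes, salt: bytes, coded_count: int,
                        key_len: int = 16, hash_name: str = "sha1") -> bytes:
    """Derive the symmetric key that protects an OpenPGP secret key."""
    if len(salt) != 8:
        raise ValueError("OpenPGP S2K salt is exactly 8 octets")
    data = salt + passphrase
    # salt+passphrase is always hashed in full at least once
    count = max(decode_count(coded_count), len(data))
    full, rest = divmod(count, len(data))
    key, context = b"", 0
    while len(key) < key_len:
        h = hashlib.new(hash_name)
        h.update(b"\x00" * context)  # extra hash contexts are preloaded with zeros
        for _ in range(full):
            h.update(data)
        h.update(data[:rest])
        key += h.digest()
        context += 1
    return key[:key_len]


def unlocks(guess: bytes, salt: bytes, coded_count: int, real_key: bytes) -> bool:
    """Simplified check (assumption): only the right passphrase derives the key."""
    return hmac.compare_digest(
        s2k_iterated_salted(guess, salt, coded_count), real_key)


# Constructed sample values, not taken from any real key.
SALT = bytes.fromhex("0102030405060708")
CODED_COUNT = 96  # decodes to 65536 octets hashed per passphrase guess
KEY = s2k_iterated_salted(b"correct horse battery staple", SALT, CODED_COUNT)

if __name__ == "__main__":
    print("octets hashed per guess:", decode_count(CODED_COUNT))
    print("right passphrase unlocks:",
          unlocks(b"correct horse battery staple", SALT, CODED_COUNT, KEY))
    print("wrong passphrase unlocks:",
          unlocks(b"password", SALT, CODED_COUNT, KEY))
```

Every guess costs the full hashing run, so the passphrase's unpredictability is what decides whether guessing is feasible; a key stored with no passphrase has no such barrier.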

