Protect pubring.gpg and secring.gpg

Faramir at
Fri Sep 5 22:27:13 CEST 2008

Hash: SHA256

David Vegano escribió:
> Hello, i´m a new member of list, and i have a doubt.

  Hello David, welcome!

> Can someone to obtain my pass from the files pubring.gpg and secring.gpg??

  I don't think so, remember the pass is to protect your private keys
(stored in your secring.gpg)... so what you should be worried about is
if they can access the keys... the pass is just the lock you use to
protect them. The thing you use to encrypt or decrypt, it is the key,
not the pass.

  And the pubring is "public"... (Maybe you don't want people knowing if
you have locally signed some public keys, but other than that, there is
not "private" info in the pubring, as far as I know).

> If this possible, how would I protecte these files?

  First, don't use a password, use a passphrase (it's the same thing as
a password, but it is composed of several words, and numbers, and it is
better if the words can't be obtained from a dictionary). I mean, don't
use "Enterprise" as the pass, use something like
"TheEnterpriseIsTheBestSpaceship". But all those words can be found in a
dictionary, and I didn't use any number... so that is not a good
passphrase, it is just an example.

  Anyway, you are in the right path, the passphrase is your last defense
to protect your keys, the idea is to don't let strange people to have
access to the files... And I don't know how to protect them, without
knowing if you share your computer with somebody, what operating system
you are using, and all that info.

  Best Regards
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla -


More information about the Gnupg-users mailing list