Protect pubring.gpg and secring.gpg

David Vegano xploiting at hotmail.com
Fri Sep 5 23:16:10 CEST 2008


uhmm, i see...

and would I to encrypt the secring.gpg file? 

This form, if they intercept my passphrase (with a keylogger for example), they wouldn´t nothing to do.

It´s a goog idea encrypt secring.gpg file?








_______________________________________________________________________________________________________________________________________________

Go Vegan!My personal blogsite: http://informativolibre.blogspot.com/
My vegan blogsite: http://veganismoenlared.blogspot.com/
                         


> Date: Fri, 5 Sep 2008 16:27:13 -0400
> From: faramir.cl at gmail.com
> To: gnupg-users at gnupg.org
> Subject: Re: Protect pubring.gpg and secring.gpg
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> 
> David Vegano escribió:
> > 
> > Hello, i´m a new member of list, and i have a doubt.
> 
>   Hello David, welcome!
> 
> > Can someone to obtain my pass from the files pubring.gpg and secring.gpg??
> 
>   I don't think so, remember the pass is to protect your private keys
> (stored in your secring.gpg)... so what you should be worried about is
> if they can access the keys... the pass is just the lock you use to
> protect them. The thing you use to encrypt or decrypt, it is the key,
> not the pass.
> 
>   And the pubring is "public"... (Maybe you don't want people knowing if
> you have locally signed some public keys, but other than that, there is
> not "private" info in the pubring, as far as I know).
> 
> > If this possible, how would I protecte these files?
> 
>   First, don't use a password, use a passphrase (it's the same thing as
> a password, but it is composed of several words, and numbers, and it is
> better if the words can't be obtained from a dictionary). I mean, don't
> use "Enterprise" as the pass, use something like
> "TheEnterpriseIsTheBestSpaceship". But all those words can be found in a
> dictionary, and I didn't use any number... so that is not a good
> passphrase, it is just an example.
> 
>   Anyway, you are in the right path, the passphrase is your last defense
> to protect your keys, the idea is to don't let strange people to have
> access to the files... And I don't know how to protect them, without
> knowing if you share your computer with somebody, what operating system
> you are using, and all that info.
> 
>   Best Regards
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 
> iQEcBAEBCAAGBQJIwZOxAAoJEMV4f6PvczxAKRwIAK3ryrooacH+tTQsiFPqMfXX
> 2uI8WYuaxYO6EhrOu7fc4cyrbcjbUHCfnpK1JxoqRGIVJiZMKA11MrAQhvKoa66J
> GCRNN0YqWYwF0XVANpkrhfiM6uLY3Af2TxYFSN3kLMBH5BKH10NvcQB4OVH0yXOv
> xb06nUbGVh7eNMY4y0+GenO5WpqMI+2kI2UZiiGriL6fA8zuMR3ddsUPEAul01bo
> mHkEfqNfUzskDn8gTxHpnvydC04ZFPAiqKKm31v8fW3idjdnKhrIiKXUXMw+QNnr
> dFTAftSH1vIN8VxxZvYACImAKWHUEEAhCRRXACNnXRyYsmJW2jyOZ/xwya3K5Q4=
> =s5ig
> -----END PGP SIGNATURE-----
> 
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20080905/b7971454/attachment.htm>


More information about the Gnupg-users mailing list