Backup of private key
Robert J. Hansen
rjh at sixdemonbag.org
Wed Nov 25 23:10:02 CET 2009
Brian O'Kennedy wrote:
> So this implies that I could safely upload my ascii-armored private
> key to an email server without fear (assuming of course that my
> passphrase is secure and large).
Correct. You just have to make *absolutely certain* your passphrase is
unguessable. If someone is able to grab your private key and your
passphrase, then you're in a world of hurt.
> What symmetric encryption is typically used on the key itself? I'm
> assuming that this level of encryption is secure enough to not worry
> about it being broken?
*All* of the ciphers used in GnuPG are secure enough to not worry about
them being broken. :) Some of the algorithms GnuPG uses are even rated
by the United States government as being suitable protection for
classified material.
That said, I think the particular algorithm used is CAST. I might be
mistaken. It used to be CAST, but it may be AES now.
More information about the Gnupg-users
mailing list