Backup of private key

Robert J. Hansen rjh at sixdemonbag.org
Wed Nov 25 23:10:02 CET 2009


Brian O'Kennedy wrote:
> So this implies that I could safely upload my  ascii-armored private
> key to an email server without fear (assuming of course that my
> passphrase is secure and large).

Correct.  You just have to make *absolutely certain* your passphrase is
unguessable.  If someone is able to grab your private key and your
passphrase, then you're in a world of hurt.

> What symmetric encryption is typically used on the key itself? I'm
> assuming that this level of encryption is secure enough to not worry
> about it being broken?

*All* of the ciphers used in GnuPG are secure enough to not worry about
them being broken.  :)  Some of the algorithms GnuPG uses are even rated
by the United States government as being suitable protection for
classified material.

That said, I think the particular algorithm used is CAST.  I might be
mistaken.  It used to be CAST, but it may be AES now.




More information about the Gnupg-users mailing list