GPG clarification

David Smith Dave.Smith at st.com
Tue Jul 6 17:06:46 CEST 2010


Robert wrote:
> 7) I assume the key rings themselves, holding the keys, are encrypted.
> How strong is this encryption in GPG? What algorithm is used, etc? One
> requirement is about compromising the machine with the keys, how easy it
> would be to export the keys. Since the keyring is physically located on
> the machine.

Some thoughts:

GnuPG is generally designed on the assumption that the "source" and
"destination" machines are not compromised.  Yes, the key is kept
encrypted, although I don't know how secure the encryption is.  There
are, of course, other attacks that could be mounted depending on how
badly the machine has been compromised - for example:

 o The attacker could install keystroke logging software or hardware.

 o They could install a compromised version of GnuPG which takes the
   passphrase you type in, uses it to decrypt the secret key, and then
   transmits the unencrypted key to the attacker.

 o They could compromise the OS to intercept system calls

etc...

If this is a serious concern, you may be better off with a GnuPG
smartcard, as then the key is kept in the card and is not copied to the
machine.  The card decrypts the session key and sends it back to the
computer which then uses that session key to decrypt the data.
Therefore, the host never sees the actual secret key.



More information about the Gnupg-users mailing list