GPG clarification

David Shaw dshaw at JABBERWOCKY.COM
Tue Jul 6 19:04:14 CEST 2010


On Jul 6, 2010, at 11:06 AM, David Smith wrote:

> Robert wrote:
>> 7) I assume the key rings themselves, holding the keys, are encrypted.
>> How strong is this encryption in GPG? What algorithm is used, etc? One
>> requirement is about compromising the machine with the keys, how easy it
>> would be to export the keys. Since the keyring is physically located on
>> the machine.
> 
> Some thoughts:
> 
> GnuPG is generally designed on the assumption that the "source" and
> "destination" machines are not compromised.  Yes, the key is kept
> encrypted, although I don't know how secure the encryption is.

The encryption used for encrypting secret keys is the same symmetric encryption used for encrypting data.  By default this uses CAST5, but you can change it to whatever you like with --s2k-cipher-algo (and then changing your passphrase).

David
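
Added example, not part of the original message: a Python parser that reads the first packet of a binary secret key export and reports which cipher and S2K settings protect it, following the RFC 4880 secret-key packet layout. It assumes an old-format packet header and a version 4 RSA, Elgamal or DSA key; the function names and the sample packet are constructed for this illustration.

```python
# Added example, not from the original post. Parses an RFC 4880 secret-key
# packet (tag 5 or 7, version 4) and reports the passphrase protection.
CIPHERS = {1: "IDEA", 2: "3DES", 3: "CAST5", 4: "Blowfish",
           7: "AES128", 8: "AES192", 9: "AES256", 10: "Twofish"}
HASHES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
          9: "SHA384", 10: "SHA512", 11: "SHA224"}
PUBLIC_MPIS = {1: 2, 2: 2, 3: 2, 16: 3, 17: 4}  # RSA, Elgamal, DSA

# Constructed sample (not a real key): tiny RSA public part, then
# usage 254, CAST5, iterated+salted S2K with SHA1, count octet 0x60.
BODY = bytes.fromhex("04" "4c335e00" "01" "0010c35b" "0011010001"
                     "fe" "03" "03" "02" "0011223344556677" "60"
                     "0102030405060708" "deadbeef")
SAMPLE = bytes([0x94, len(BODY)]) + BODY   # old-format header, tag 5


def packet_body(data):
    """Return (tag, body) of the first packet (old-format header only)."""
    first = data[0]
    if first & 0xC0 != 0x80 or first & 3 == 3:
        raise ValueError("only old-format, definite-length headers handled")
    width = 1 << (first & 3)               # 1, 2 or 4 length octets
    length = int.from_bytes(data[1:1 + width], "big")
    return (first >> 2) & 0x0F, data[1 + width:1 + width + length]


def secret_key_protection(data):
    """Describe how the secret material in a key packet is protected."""
    tag, body = packet_body(data)
    if tag not in (5, 7) or body[0] != 4:
        raise ValueError("not a version 4 secret-key packet")
    pos = 6                                # version, 4-byte time, algorithm
    for _ in range(PUBLIC_MPIS[body[5]]):  # skip the public MPIs
        bits = int.from_bytes(body[pos:pos + 2], "big")
        pos += 2 + (bits + 7) // 8
    usage = body[pos]
    if usage == 0:
        return {"protected": False}
    if usage not in (254, 255):            # legacy: octet is the cipher id
        return {"protected": True, "cipher": CIPHERS.get(usage, usage)}
    cipher, s2k_type, digest = body[pos + 1:pos + 4]
    info = {"protected": True, "cipher": CIPHERS.get(cipher, cipher),
            "s2k_hash": HASHES.get(digest, digest), "s2k_type": s2k_type}
    if s2k_type == 3:                      # iterated and salted
        c = body[pos + 12]                 # follows the 8-byte salt
        info["s2k_count"] = (16 + (c & 15)) << ((c >> 4) + 6)
    return info
```

To inspect a real key, pass secret_key_protection() the bytes produced by gpg --export-secret-keys (binary, not armored).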



