private key protection

Robert J. Hansen rjh at
Tue Oct 18 14:22:32 CEST 2011

On 10/18/2011 8:10 AM, Jerome Baum wrote:
> If I manage to steal your private keyring, then yes the very strong
> passphrase should grind my attempts to steal your key to a halt. If I
> manage to steal your private _key_ OTOH, I don't need to get past your
> passphrase as that doesn't come into play.


Have you looked at how GnuPG stores a keyring?  It's a sequential series
of individual keys, one octet after another.  There is no difference
between an individual private key and a keyring containing one entry.

(Note: this was true as of early in the GnuPG 1.4 days, which was the
last time I seriously looked at the code.  I'm going from a memory a few
years old here.)

What you seem to be saying is "if I steal your decrypted key, which is
to say the raw key material...".  Well, okay: but we already know that's
a game-over state, which makes your statement trivial.

More information about the Gnupg-users mailing list