private key protection
Robert J. Hansen
rjh at sixdemonbag.org
Tue Oct 18 14:22:32 CEST 2011
On 10/18/2011 8:10 AM, Jerome Baum wrote:
> If I manage to steal your private keyring, then yes the very strong
> passphrase should grind my attempts to steal your key to a halt. If I
> manage to steal your private _key_ OTOH, I don't need to get past your
> passphrase as that doesn't come into play.

Have you looked at how GnuPG stores a keyring? It's a sequential series
of individual keys, one octet after another. There is no difference
between an individual private key and a keyring containing one entry.

(Note: this was true as of early in the GnuPG 1.4 days, which was the
last time I seriously looked at the code. I'm going from a memory a few
years old here.)

What you seem to be saying is "if I steal your decrypted key, which is
to say the raw key material...". Well, okay: but we already know that's
a game-over state, which makes your statement trivial.

More information about the Gnupg-users
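
Added illustration, not part of the original message and not GnuPG's own code: a minimal walker over an OpenPGP (RFC 4880) packet stream that treats a secret keyring as the flat sequence of key packets the message describes, and reports each secret key's S2K usage octet (0 means the key material is stored without passphrase protection). The names `packets`, `s2k_usage`, `audit` and `toy_key` are hypothetical, and the sample bytes are constructed filler, not a real key.

```python
SECRET_TAGS = {5: "secret key", 7: "secret subkey"}
PUBLIC_MPIS = {1: 2, 2: 2, 3: 2, 16: 3, 17: 4}  # RSA, Elgamal, DSA public MPI counts

def packets(data):
    """Yield (tag, body) for each packet in a flat OpenPGP packet stream."""
    i = 0
    while i < len(data):
        hdr = data[i]
        i += 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:  # new-format header: tag in low 6 bits
            tag, first = hdr & 0x3F, data[i]
            i += 1
            if first < 192:
                n = first
            elif first < 224:
                n, i = ((first - 192) << 8) + data[i] + 192, i + 1
            elif first == 255:
                n, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                raise ValueError("partial body lengths not handled here")
        else:  # old-format header: tag in bits 5-2, length type in bits 1-0
            tag, size = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
            if size == 8:
                raise ValueError("indeterminate length not handled here")
            n, i = int.from_bytes(data[i:i + size], "big"), i + size
        if i + n > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + n]
        i += n

def s2k_usage(body):
    """S2K usage octet of a v4 secret-key body: 0 means unprotected key material."""
    if body[0] != 4 or body[5] not in PUBLIC_MPIS:
        raise ValueError("unsupported key packet")
    i = 6  # version (1) + creation time (4) + algorithm (1)
    for _ in range(PUBLIC_MPIS[body[5]]):  # skip public MPIs: 2-octet bit count + value
        i += 2 + (int.from_bytes(body[i:i + 2], "big") + 7) // 8
    return body[i]

def audit(keyring):
    return [(SECRET_TAGS[t], s2k_usage(b)) for t, b in packets(keyring) if t in SECRET_TAGS]

def toy_key(usage):  # constructed sample: toy RSA MPIs, zero filler, then a user ID packet
    body = bytes([4, 0, 0, 0, 0, 1]) + b"\x00\x08\xc3\x00\x02\x03" + bytes([usage]) + bytes(8)
    return bytes([0x94, len(body)]) + body + b"\xb4\x03uid"
```

Concatenating two `toy_key` outputs yields a valid two-entry stream, and a single one parses identically to the first entry of that stream, which is the "no difference" point made in the message.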