private key protection

Robert J. Hansen rjh at
Tue Oct 18 15:19:25 CEST 2011

On 10/18/2011 9:08 AM, Jerome Baum wrote:
> Makes sense if there's no context. But there's context here --
> "cryptography". In that context, key means something specific.

This ain't EUROCRYPT or FINANCIAL CRYPTOGRAPHY.  If you're reading
professional journals that are talking about crypto in purely
mathematical terms, then yes, 'key' means that.

However, in the context of OpenPGP and its predecessors there's about 20
years of precedent for using 'key' to reference the collection of
subkeys, user IDs, user attributes, signatures, and so on.  This goes
back all the way to the early 1990s.

Arguably we should be using 'certificate' to describe keys, but
honestly, that's a losing battle: the community's inertia on the subject
of 'key' is immense.

More information about the Gnupg-users mailing list