import trustdb.gpg or start from scratch?

Johannes Gerer kuerzn at googlemail.com
Wed Nov 14 11:34:53 CET 2012


How do I decrypt my backup in case of a disaster, if the secret key is in
the encrypted backup?
On 14.11.2012 11:08, "Werner Koch" <wk at gnupg.org> wrote:

> On Wed, 14 Nov 2012 00:27, rjh at sixdemonbag.org said:
>
> > Including random_seed?  I've always been under the impression that's a
> > big no-no.
>
> Well, it is a backup and assumed to be used after a loss of data and not
> to replicate the data to several sites.
>
> random_seed is a cache file to speed up things.  It is never used
> directly.  For key generation we make sure that at least 300 fresh
> random bytes are mixed into the 600 bytes of the random pool (the state
> on which the RNG works).
>
> For session keys, we work on a random pool which has been initialized
> from the random_seed file.  But we also mix some other state into it
> (from the fast entropy gatherer).  Without a random_seed file, every use
> of session keys (i.e. a plain public key encryption) would require a lot
> of time to get entropy from the slow gatherer (usually /dev/random).
> That just takes too long and wastes precious entropy.
>
> Thus I consider it better to back up everything than to forget an
> important file.  Backups are always encrypted - aren't they?
>
>
> Shalom-Salam,
>
>    Werner
>
> --
> Thoughts are free.  Exceptions are regulated by a federal law.