pedro.markov at ml1.net
pedro.markov at ml1.net
Mon Jul 28 23:35:19 CEST 2014
You lost me with the "emails" stuff. ( i don't know what do they have to do
in this topic)
What I'm saying it is pretty easy, I'm bad with passwords, so i rather
damage the key than remember a password.
After the answers that people gave me, i improved so much my
method, so this is a step by step.
1) Create keypair, and give some hint in the comment,
so you don't forget it for exmple "what was your first girlfriends
name?" or some silly
question. (This is just for extra protection. You could even write the
real password on the comment
but be aware that this will be public on your public key)
2) Export the public and secure key.
3) Remove the keys from keyring, and re-import the public key.
4) Damage my private key. (Ex: inverse X and X line, Replace X and X
5) Encrypt everything that you have to encrypt with the public key, you
can even make it "Public".
With this method, the day that you try to decrypt your data you wont
need to remember a password.
Also, if some Mallory gets in to your computer/server/whatever even if
he gets a copy of your private key he won't
be able to load it and try to use Brute force on it. He will need to
repair the key before ( and good luck for that )
Note. I think that for extra security i will generate the keys in a usb
stick that i'll overwrite
with zeros after corrupting the private key. This will prevent some
smart mallory from using
software as testdisk to recover deleted data.
On 07/28/2014 11:04 PM, flapflap wrote:
> pedro.markov at ml1.net:
>>> When would this be useful? The public key is public, and anyone with
>>> it could decode the message. To secure a message such that only the
>>> desired recipient can read it, you should encrypt a message to the
>>> recipient's public key so that only their private key can decrypt it.
>>> Simply put, I don't understand a situation where using your system
>>> would be an improvement over the current system, but perhaps I
>>> misunderstand sometihng.
>> Using this method there is no "password required", it is only need to
>> know how to rebuild the public key. So you can safely store
>> a "damaged public key" on your computer/web server/ whatever and if
>> some one steal it he won't be able to get your information.
>> I find this very attractive, because i could damage the key and still
>> remember how to fix it many years after, But it is by sure that
>> i wont remember an unic password 5 or 10 years after. ( maybe other
>> people can )
> This does not make sense to me.
> You want to protect the information your public key reveals from an
> attacker with access to your machine. This sounds like you manually
> want to, for example, fill the field for "email" with "XXXXXXXX" and
> only you know that the key is valid when you write "email at example.com"
> in it. (have I understood it correctly so far?)
> Why would you create a key with "email at example.com" as "email" in the
> first place when you actually don't want "email at example.com" to be in
> Why not just create a key saying "" or "XXXXX" for "email" instead?
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
More information about the Gnupg-users