Backup of encrypted private key on uncontrolled disks

Dave English dave at
Thu Nov 20 18:33:52 CET 2014

Hint: do you always wear a hood over your head and the keyboard when entering your passphrase?

Dave English

> On 20 Nov 2014, at 16:54, Shea Levy <shea at> wrote:
> Hmm, I’m having a hard time imagining how someone could get me to divulge the passphrase if they couldn’t also get me to hand over the key backups I own. Of course, my imagination is not the limit here, so is there something I’m missing?
> Thanks,
> Shea
>> On Nov 20, 2014, at 11:27 AM, Robert J. Hansen <rjh at> wrote:
>>> My private key is encrypted with a very strong passphrase (10 word
>>> diceware [1], not written down, 129 bits of entropy). Given that, is it
>>> safe to back it up on disks I don't control, such as a private S3 bucket
>>> or a VPS? My intuition says yes, but I've learned to never trust my
>>> intuition when it comes to security.
>> If you are completely confident that no one will ever get your passphrase from you, this is safe.  Otherwise, it's not.
>> It may be appropriate to have a little caution with respect to whether you believe anyone will ever get your passphrase from you.
>> _______________________________________________
>> Gnupg-users mailing list
>> Gnupg-users at
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: </pipermail/attachments/20141120/a359511e/attachment.sig>

More information about the Gnupg-users mailing list