new helper program for configuration import / export

Hauke Laging mailinglisten at
Sun Oct 19 22:08:01 CEST 2014

On Sun 19.10.2014, 21:10:20, Peter Lebbing wrote:

> It is clear you are not working on the same assumption as I did: that
> there were already good passphrases on the keys, because this is
> simply good practice

A good passphrase doesn't help against online attacks. The usual 
protection against offline attacks is volume encryption. Thus a strong 
passphrase (and who wants to enter that often?) is useful for those 
people without volume encryption only. But my experience is that many 
people do not use a good passphrase even without volume encryption. We 
have to accept that. But it seems to me to make sense to suggest a 
better passphrase at least for key files which are sent via email or 
stored on USB sticks.

> Have you thought of a way to only have to enter a password once and
> use that for each (sub)key you wish to change, without keeping it in
> swap-eligible memory?

No. Why should that be better / easier than encrypting the whole 
archive? Especially as there may be other information in ~/.gnupg which 
you don't want to become public.

> Perhaps you could elaborate on the procedure you have in mind.

1) Select the files.
2) Create the archive.
3) Encrypt the archive. (I just realized that gpg-zip does not encrypt 
the whole archive)

Crypto für alle:
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
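
The three steps listed in the message above (select, archive, encrypt the whole archive), sketched as an added example that is not part of the original post or of GnuPG itself. The function names, the exclusion list and the use of file descriptor 3 for the passphrase are assumptions; GnuPG 2.1 or later is assumed for --pinentry-mode.

```shell
#!/bin/sh
# Added illustration; function names and the exclusion list are assumptions.
# Requires GnuPG 2.1+ (--pinentry-mode loopback) and a tar with --exclude.

# export_gnupg_archive SRC_DIR OUT_FILE
# The passphrase is read from file descriptor 3, so it never appears in
# argv or the environment. The tar stream is piped straight into gpg, so
# no unencrypted archive is ever written to disk.
export_gnupg_archive() {
    src=$1
    out=$2
    [ -d "$src" ] || { echo "no such directory: $src" >&2; return 2; }
    # Steps 1 and 2: select the files (skipping agent sockets, lock files
    # and the RNG seed) and create the archive on stdout.
    # Step 3: encrypt the whole archive symmetrically.
    tar -C "$src" -cf - \
        --exclude='S.*' --exclude='*.lock' --exclude='random_seed' . |
    gpg --batch --yes --pinentry-mode loopback --passphrase-fd 3 \
        --symmetric --cipher-algo AES256 --output "$out"
}

# list_gnupg_archive IN_FILE
# Decrypts to a pipe (again without a plaintext file) and lists the members.
list_gnupg_archive() {
    gpg --batch --quiet --pinentry-mode loopback --passphrase-fd 3 \
        --decrypt "$1" | tar -tf -
}
```

Called as `export_gnupg_archive ~/.gnupg backup.tar.gpg 3<passphrase-file`; in plain sh the pipeline's exit status is that of gpg, so a tar failure has to be checked separately.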