Enforcing password complexity for private keys

Cyaniventer cyaniventer at riseup.net
Tue Apr 30 15:20:59 CEST 2019

On Tue, 30 Apr 2019 06:55:07 -0400
David Milet <david.milet at gmail.com> wrote:

> Hello
> We’re considering rolling out GnuPG at work for developers to sign
> git commits. How can we prevent developers from choosing a trivial
> password?
> Is there a way for GnuPG to enforce some password complexity on the
> private keys?

imo long term solution will be to tell them more about passwords and
why choosing a good password is important.

Here are a few points you can include:
- how someone can crack their password
- what they can do to keep their accounts secure
- how to generate a good password
- how to use a password manager

BBBB 882A 5A00 FCB6 8704 E9BC 757D E342 DB4E 576C

More information about the Gnupg-users mailing list