Enforcing password complexity for private keys

David Milet david.milet at gmail.com
Tue Apr 30 23:59:12 CEST 2019


Indeed it’s specified in the OpenPGP card specs. 
I have my answers 
Thanks 
David

> On Apr 30, 2019, at 14:13, Juergen Bruckner <juergen at bruckner.tk> wrote:
> 
> Well I may be (partly) wrong, but I guess a 6digit PIN-Code on the
> GnuPG-Card may be complex enough for the most security settings.
> 
> my2c
> Juergen
> 
>> Am 30.04.19 um 19:40 schrieb David Milet:
>> Yes, we’re considering using smart cards or usb devices like Yubikey.
>> Do those enforce password complexity?
>> 
>> To answer suggestions in other replies, our developers are savvy enough, and we do have recurring training in place to stress the importance of good passwords. But we know also that some developers will choose the weakest password the system allows, making them the weakest link.
>> 
>>> On Apr 30, 2019, at 13:21, Juergen Bruckner <juergen at bruckner.tk> wrote:
>>> 
>>> Hello David,
>>> 
>>> have you ever thought about using SmartCards?
>>> GnuPG has a built in SmartCard service.
>>> 
>>> regards
>>> Juergen
>>> 
>>>> Am 30.04.19 um 12:55 schrieb David Milet:
>>>> Hello
>>>> 
>>>> We’re considering rolling out GnuPG at work for developers to sign git commits.
>>>> How can we prevent developers from choosing a trivial password?
>>>> 
>>>> Is there a way for GnuPG to enforce some password complexity on the private keys?
>>>> 
>>>> Is that something that a Yubikey could do? 
>>>> 
>>>> Many thanks!
>>>> David
>>>> _______________________________________________
>>>> Gnupg-users mailing list
>>>> Gnupg-users at gnupg.org
>>>> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>>>> 
>>> 
>>> -- 
>>> Juergen M. Bruckner
>>> juergen at bruckner.tk
>>> 
>>> _______________________________________________
>>> Gnupg-users mailing list
>>> Gnupg-users at gnupg.org
>>> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>> 
>> _______________________________________________
>> Gnupg-users mailing list
>> Gnupg-users at gnupg.org
>> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>> 
> 
> -- 
> Juergen M. Bruckner
> juergen at bruckner.tk
> 
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users



More information about the Gnupg-users mailing list