Backup of Keys
azbigdogs at gmx.com
Sun May 24 19:11:29 CEST 2020
Interesting points... I'm not sure I have all those files such as the
TOFU (have to actually read more about it). I think if all the
important files are stored in an encrypted container, they should be
On 5/24/2020 9:16 AM, Peter Lebbing wrote:
> On 24/05/2020 16:05, Felix Finch wrote:
>> Out of curiosity ... how safe are these files as is, assuming the
>> private key file has a good strong passphrase?
> The safety of the private key purely depends on the strength of the
> passphrase. Note that backups will have the passphrase that was set when
> the backup was _made_. Changing the passphrase on your computer will not
> change the passphrase in any older backups.
> But there is more data in your GnuPG homedir that is not encrypted but
> is privacy-sensitive. If you ever assign someone ownertrust, that will
> be reflected there. It indicates how much you trust people to correctly
> verify other people's identities and how well you trust them to keep
> their private key private. Your brother-in-law might be offended by you
> assigning him "NEVER TRUST", and your partner might not appreciate you
> apparently having somewhat recently assigned positive trust to that ex
> you swore you never saw anymore.
> And then there is the history data for TOFU, which exposes some data
> about when you verified signatures by other people or when you encrypted
> something to someone. This data is there to help you analyse
> trustworthiness about the third party in question when so prompted, but
> it is also communication metadata about you.
> These pieces of data might not exist for your particular configuration,
> but they can exist.
>> How hard is it to crack a good passphrase?
> I think the definition of a good passphrase is that it is infeasible to
> crack it. That makes it circular reasoning.
> A well-executed "Correct Horse Battery Staple" passphrase or a long
> enough diceware passphrase cannot be cracked. The problem is determining
> whether you did it right or are misunderstanding some vital detail of
> creating a good passphrase.
> For instance, actually choosing "Correct Horse Battery Staple" is about
> the worst thing you can do... :-)
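Added example, not part of the thread or of GnuPG itself: a small audit of a backed-up homedir that reports which files rest on the passphrase and which are stored in the clear (ownertrust, TOFU history). It assumes the default GnuPG 2.1+ file layout; the key-file check is a heuristic on the S-expression tag gpg-agent writes, and the sample directory is constructed with fake contents.

```python
import tempfile
from pathlib import Path

# Homedir files GnuPG stores without passphrase protection.
PLAINTEXT = {
    "trustdb.gpg": "ownertrust assignments",
    "tofu.db": "TOFU history (signature checks, encryption recipients)",
    "pubring.kbx": "public keys you hold (your contacts)",
    "pubring.gpg": "public keys you hold (legacy keyring)",
}

def classify_key_file(data: bytes) -> str:
    """Heuristic: find the S-expression tag gpg-agent writes into a .key file."""
    if b"shadowed-private-key" in data:
        return "stub: key material lives on a smartcard"
    if b"protected-private-key" in data:
        return "passphrase-protected"
    if b"private-key" in data:
        return "UNPROTECTED private key"
    return "unrecognised key file"

def audit_homedir(homedir) -> dict:
    """Map each sensitive file (path relative to homedir) to its exposure."""
    root, findings = Path(homedir), {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        if rel.startswith("private-keys-v1.d/") and rel.endswith(".key"):
            findings[rel] = classify_key_file(path.read_bytes())
        elif rel.startswith("openpgp-revocs.d/"):
            findings[rel] = "plaintext: revocation certificate"
        elif rel in PLAINTEXT:
            findings[rel] = "plaintext: " + PLAINTEXT[rel]
    return findings

def build_sample(root) -> Path:
    """Constructed stand-in for a backed-up homedir; contents are fake."""
    root = Path(root)
    keys = root / "private-keys-v1.d"
    keys.mkdir(parents=True)
    (keys / "AAAA.key").write_bytes(b"(21:protected-private-key(3:rsa))")
    (keys / "BBBB.key").write_bytes(b"(11:private-key(3:rsa))")
    (root / "trustdb.gpg").write_bytes(b"\x00")
    (root / "tofu.db").write_bytes(b"\x00")
    (root / "gpg.conf").write_text("# not reported\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, status in audit_homedir(build_sample(tmp)).items():
            print(f"{name:28} {status}")
```

Anything reported as plaintext or unprotected is readable by whoever obtains the backup, so those files are the reason to keep the backup itself inside an encrypted container.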