Backup of Keys

Mark azbigdogs at gmx.com
Sun May 24 19:11:29 CEST 2020


Interesting points... I'm not sure I have all those files such as the
TOFU (have to actually read more about it).  I think if all the
important files are stored in an encrypted container, they should be
pretty secure.

On 5/24/2020 9:16 AM, Peter Lebbing wrote:
> Hi,
>
> On 24/05/2020 16:05, Felix Finch wrote:
>> Out of curiosity ... how safe are these files as is, assuming the
>> private key file has a good strong passphrase?
> The safety of the private key purely depends on the strength of the
> passphrase. Note that backups will have the passphrase that was set when
> the backup was _made_. Changing the passphrase on your computer will not
> change the passphrase in any older backups.
>
> But there is more data in your GnuPG homedir that is not encrypted but
> is privacy-sensitive. If you ever assign someone ownertrust, that will
> be reflected there. It indicates how much you trust people to correctly
> verify other people's identities and how well you trust them to keep
> their private key private. Your brother-in-law might be offended by you
> assigning him "NEVER TRUST", and your partner might not appreciate you
> apparently having somewhat recently assigned positive trust to that ex
> you swore you never saw anymore.
>
> And then there is the history data for TOFU, which exposes some data
> about when you verified signatures by other people or when you encrypted
> something to someone. This data is there to help you analyse
> trustworthiness about the third party in question when so prompted, but
> it is also communication metadata about you.
>
> These pieces of data might not exist for your particular configuration,
> but they can exist.
>
>> How hard is it to crack a good passphrase?
> I think the definition of a good passphrase is that it is infeasible to
> crack it. That makes it circular reasoning.
>
> A well-executed "Correct Horse Battery Staple" passphrase or a long
> enough diceware passphrase cannot be cracked. The problem is determining
> whether you did it right or are misunderstanding some vital detail of
> creating a good passphrase.
>
> For instance, actually choosing "Correct Horse Battery Staple" is about
> the worst thing you can do... :-)
>
> HTH,
>
> Peter.
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
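
To see which of the files described above actually exist in a homedir before backing it up, this added example (not part of the original thread) lists each private key file with its protection state, plus the unencrypted `trustdb.gpg` (ownertrust) and `tofu.db` (TOFU history). The file names are GnuPG 2.1+ defaults; the function name `gnupg_backup_inventory` and the status labels are made up for this example, and the protection check assumes gpg-agent writes the token `protected-private-key` into key files that have a passphrase set.

```shell
#!/bin/sh
# Added example: inventory what a backup of a GnuPG homedir would contain.
# Usage: gnupg_backup_inventory [HOMEDIR]   (default: $GNUPGHOME or ~/.gnupg)
# Output: one "STATUS<TAB>relative-path" line per sensitive file found.
gnupg_backup_inventory() {
    dir=${1:-${GNUPGHOME:-$HOME/.gnupg}}
    [ -d "$dir" ] || { echo "no such homedir: $dir" >&2; return 2; }

    # Private keys (GnuPG 2.1+): one file per key. In a backup, the
    # passphrase set at backup time is their only protection.
    for f in "$dir"/private-keys-v1.d/*.key; do
        [ -f "$f" ] || continue            # glob matched nothing
        name=private-keys-v1.d/${f##*/}
        # Assumption: gpg-agent marks the key's state with these tokens.
        if LC_ALL=C grep -q 'shadowed-private-key' "$f"; then
            printf 'STUB\t%s\n' "$name"          # secret lives on a smartcard
        elif LC_ALL=C grep -q 'protected-private-key' "$f"; then
            printf 'PASSPHRASE\t%s\n' "$name"    # encrypted under the passphrase
        else
            printf 'UNPROTECTED\t%s\n' "$name"   # no passphrase: plaintext key
        fi
    done

    # Legacy (GnuPG 1.x/2.0) secret keyring; protection is not inspected here.
    [ -f "$dir/secring.gpg" ] && printf 'LEGACY\t%s\n' secring.gpg

    # Never encrypted by GnuPG, but privacy-sensitive:
    [ -f "$dir/trustdb.gpg" ] && printf 'PLAINTEXT\t%s\n' trustdb.gpg  # ownertrust
    [ -f "$dir/tofu.db" ] && printf 'PLAINTEXT\t%s\n' tofu.db          # TOFU history
    return 0
}
```

Anything reported as `UNPROTECTED` or `PLAINTEXT` is readable by whoever obtains the backup unless the backup itself is encrypted.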

