Who protects the private key (was: Changing the encryption algorithm used for PGP/GPG private key)
Bernhard Reiter
bernhard at intevation.de
Thu Feb 24 10:56:33 CET 2022
Am Sonntag 20 Februar 2022 09:30:36 schrieb Daniel Colquitt via Gnupg-users:
> I agree with you, and Robert Hansen above, insofar as there is no practical
> weakness in using SHA-1 as part of a key derivation algorithm.
(for protecting exported private keys)
> Nevertheless it does seem imprudent to use a formally broken hash function
> by default, whilst silently ignoring options that users would reasonably
> expect to change the algorithms used.
The point, as I understand it, is compatibility.
Exporting and importing a private OpenPGP key is expected to work for many
implementations and over several software revisions and years. So adhereing
to a standard (OpenPGP in this case) seems a good choice.
You can use additional protection layers, as Werner suggested.
This seems also reasonable from a usability point of view as exporting,
transfering and importing of private OpenPGP keys is a rare process.
Best Regards,
Bernhard
--
www.intevation.de/~bernhard +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20220224/7be0d5a4/attachment.sig>
More information about the Gnupg-users
mailing list