Backup of GPG private keys?

Werner Koch wk at gnupg.org
Fri Jan 28 08:18:13 CET 2022


On Thu, 27 Jan 2022 08:25, Teemu Likonen said:

> outside your normal computers I suggest using the export format: "gpg
> --export-secret-keys".

Note that there is an attack on the private key export format.  Thus my
recommendation not to rely on this unless you can make sure that the
exported keys in the backup have not been modified.  The problem here is
that the public parts of the encrypted private parts are not
authenticated and by modifying the public parts and tricking the user into
importing such a modified backup, information about the secret key can be
revealed.

GnuPG's internal format to store the private key is not affected by this
problem because the public parameters are authenticated.


Salam-Shalom,

   Werner


-- 
Thoughts are free.  Exceptions are regulated by a federal law.
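
One way to make the check the message asks for before importing a backup, as an added example that is not part of the original post or of GnuPG: recompute the v4 fingerprint from the public fields inside each secret key packet of a binary export and compare it with a fingerprint recorded separately while the key was known good. It assumes v4 RSA, DSA or Elgamal keys and an unarmored export; the function names are made up for this example and the sample packet is constructed.

```python
import hashlib

# Public MPI count per algorithm id (RFC 4880, 5.5.2): RSA, Elgamal, DSA.
PUBLIC_MPIS = {1: 2, 2: 2, 3: 2, 16: 3, 17: 4}

def packets(data):
    """Yield (tag, body) for each OpenPGP packet with a definite length."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if not hdr & 0x80:
            raise ValueError("not a binary OpenPGP packet (armored input?)")
        if hdr & 0x40:                                  # new-format header
            tag, first, i = hdr & 0x3F, data[i], i + 1
            if first < 192:
                length = first
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i] + 192, i + 1
            elif first == 255:
                length, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                raise ValueError("partial body lengths not supported")
        else:                                           # old-format header
            tag, n = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
            if n == 8:
                raise ValueError("indeterminate length not supported")
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        yield tag, data[i:i + length]
        i += length

def fingerprint(body):
    """v4 fingerprint (SHA-1) over the public fields that start a key packet."""
    if body[0] != 4 or body[5] not in PUBLIC_MPIS:
        raise ValueError("only v4 RSA/DSA/Elgamal keys handled here")
    pos = 6                                             # version + time + algo
    for _ in range(PUBLIC_MPIS[body[5]]):               # skip each public MPI
        bits = int.from_bytes(body[pos:pos + 2], "big")
        pos += 2 + (bits + 7) // 8
    pub = body[:pos]                                    # secret part is ignored
    return hashlib.sha1(b"\x99" + len(pub).to_bytes(2, "big") + pub).hexdigest().upper()

def backup_matches(export, trusted_fprs):
    """True only if every secret (sub)key packet hashes to a trusted fingerprint."""
    found = [fingerprint(b) for t, b in packets(export) if t in (5, 7)]
    return bool(found) and set(found) <= set(trusted_fprs)

def sample_export(n=b"\xc3\x55"):
    """Constructed toy packet: tag 5, RSA, 16-bit n, e=17, dummy secret part."""
    body = b"\x04\x61\xf3\x00\x00\x01" + b"\x00\x10" + n + b"\x00\x05\x11" + b"\x00" + b"\xaa" * 8
    return bytes([0x94, len(body)]) + body
```

With a real backup, `export` is the bytes of the file written by `gpg --export-secret-keys` and `trusted_fprs` are fingerprints noted from a source the backup medium cannot influence. The check covers only the public fields of each key packet; ECC keys are rejected here because their public fields are laid out differently.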