Backing up your PGP key by hand

Werner Koch wk at gnupg.org
Tue May 31 10:12:56 CEST 2022


On Mon, 30 May 2022 19:52, Matt Borja said:

>       - Related to this approach: Is the passphrase on a private key not
>       sufficient encryption strength to store the private key in a secure cloud
>       vault for archival purposes; or could it not be paired with a

The currently used protection of private keys as specified by OpenPGP
allows attacking the key iff the attacker has a way to modify the
protected key on the transport.

This is not the old Klima/Rosa attack but a new attack which takes
advantage of the fact that the public key parts are not bound to the
encrypted private parts of the key.  Thus the suggestion is to not rely
on the OpenPGP private key protection but to convey those private keys
with an additional OpenPGP encryption layer.

Note that the internal format used by GnuPG to store the private keys is
not affected by this attack.  This is because the public key parts in
the files below private-keys-v1.d are included in the authenticated
encryption of the private parts as additional data
(openpgp-s2k3-sha1-aes-cbc and openpgp-s2k3-ocb-aes schemes).

Always take care when conveying private keys.


Salam-Shalom,

   Werner


-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein
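Added illustration, not code from the mail or from GnuPG: a toy model of the difference described above, with PBKDF2 standing in for OpenPGP S2K and an HMAC-based stream cipher standing in for AES (illustration only, not a real cipher). Only the variant that authenticates the public parts as associated data rejects a key whose public parts were replaced in transit; all key material is constructed.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed stand-ins for the public and private parts of an OpenPGP key.
PUBLIC_PART = b"pub: n=0xC0FFEE... e=0x10001"
PRIVATE_PART = b"sec: d=0xDEADBEEF... p=... q=..."


def _s2k(passphrase: bytes, salt: bytes) -> bytes:
    """Derive 64 key bytes from the passphrase (PBKDF2 stands in for OpenPGP S2K)."""
    return hashlib.pbkdf2_hmac("sha256", passphrase, salt, 100_000, dklen=64)


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with HMAC-SHA256(key, nonce||counter) blocks."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def protect(private: bytes, public: bytes, passphrase: bytes, bind_public: bool) -> dict:
    """Encrypt the private part; with bind_public the public part is covered by the tag."""
    salt, nonce = os.urandom(16), os.urandom(16)
    k = _s2k(passphrase, salt)
    enc_key, mac_key = k[:32], k[32:]
    ct = _keystream_xor(enc_key, nonce, private)
    aad = public if bind_public else b""  # associated data, as in GnuPG's internal format
    tag = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    return {"public": public, "salt": salt, "nonce": nonce, "ct": ct, "tag": tag, "bound": bind_public}


def unprotect(blob: dict, passphrase: bytes) -> Optional[bytes]:
    """Return the private part, or None when the tag (and thus any bound public part) fails."""
    k = _s2k(passphrase, blob["salt"])
    enc_key, mac_key = k[:32], k[32:]
    aad = blob["public"] if blob["bound"] else b""
    expect = hmac.new(mac_key, aad + blob["nonce"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expect, blob["tag"]):
        return None  # modification detected before any private material is released
    return _keystream_xor(enc_key, blob["nonce"], blob["ct"])


def tamper_detected(bind_public: bool) -> bool:
    """Swap the public part on the 'transport' and report whether unprotect() rejects it."""
    blob = protect(PRIVATE_PART, PUBLIC_PART, b"correct horse", bind_public)
    blob["public"] = b"pub: n=0xBAD... e=0x10001"  # constructed replacement public part
    return unprotect(blob, b"correct horse") is None
```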

