Starting with gnupg
Jean-David Beyer
jeandavid8 at verizon.net
Sat Aug 2 15:48:05 CEST 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
John W. Moore III wrote:
> Jean-David Beyer wrote:
>
>
>> But if he somehow got your private key, I do not believe he
>> would need your passphrase.
>
> YES! S/He _would_ need the passphrase even if in possession of the
> Private/Secret Key. The passphrase is the "key" that unlocks the Secret
> Key which is why there is so much emphasis placed on making sure Your
> passphrase is a strong one that cannot easily be guessed or 'Social
> Engineered'.
>
> Should an adversary come into possession of the Secret Key they would
> then need to brute force attack the passphrase. <SIGH>
>
You would certainly need the passphrase to get at the contents of
secring.gpg. But if I got the secret key from there, would I still need the
passphrase? I.e., does the passphrase control access to the _keyring_ or the
_key itself_? I suppose I should look it up in the RFC 4880.
- --
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key: 9A2FC99A Registered Machine 241939.
/( )\ Shrewsbury, New Jersey http://counter.li.org
^^-^^ 08:45:01 up 11:37, 4 users, load average: 5.03, 4.38, 4.30
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org
iD8DBQFIlGWVPtu2XpovyZoRAt53AJ905TQ2aYuKONX4hZJP+X+4hVOC+QCfREzT
qm9WdAefCFLv4USLvS9gFRs=
=sumU
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list