how to get private key

Harvey Muller hlmuller at yahoo.com
Thu Jul 3 20:59:43 CEST 2008


Naeem,
It's highly unlikely that an individual would be capable of stealing a secret key and using it to decrypt messages.  A large corporation or government, maybe.  Make your passphrases complex.
I'm a little cautious myself with my secret keys, so I use two hardware based approaches to ease my paranoia:
1.  I use an openpgp card to keep my normal signing and encryption subkeys secure.
2.  I keep my main secret key on a usb flash drive, along with backups of my secret subkeys, and public keys.
These are useful resources for further reading:
http://www.gnupg.org/howtos/card-howto/en/smartcard-howto.html
http://fortytwo.ch/gpg/subkeys
Best regards,
Harvey


----- Original Message ----
> From: "Afzal, Naeem M" <naeem.m.afzal at intel.com>
> To: "gnupg-users at gnupg.org" <gnupg-users at gnupg.org>
> Sent: Thursday, July 3, 2008 1:36:48 PM
> Subject: how to get private key
> 
> Hi
> 
> I have general question regarding private key security.
> If a user creates its private public key pair by using some passphrase on a 
> system. Can this pair be taken to a different system and decrypt files that were 
> generated using its public key? My guess is no, but needed to confirm with you 
> guys. If it is possible, then how it will be done, any command to list private 
> key etc. Also how can we protect where no one can steel this private key from a 
> system other than restricting users access to the system?
> 
> Thanks
> naeem
> 
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users




More information about the Gnupg-users mailing list