KeePass or any other password wallet to store and transport keys
Peter Lebbing
peter at digitalbrains.com
Mon Jul 23 16:25:41 CEST 2012
A different method I'd like to throw in for consideration is using a very strong
random password generated by KeePass as the password to unlock your OpenPGP
private key.
A "password" with a lot of randomness is comparable to a symmetric encryption
key when fed to GnuPG. GnuPG will still throw in extra processing with a
String-To-Key conversion and a random session key, so there is some unnecessary
stacking of cryptographic operations, but as long as the weakest link isn't too
weak, I don't see much of a problem. [Hmmm, I must say that sounds like a rather
empty statement which is vacuously true...]
I'm assuming the reason for all of this is reduction of the number of difficult
passphrases to remember (incidentally the precise use case of KeePass). By using
a cryptographically strong password as just described, I think you get about the
same effective level of security as when you store unprotected OpenPGP key
material in your KeePass wallet, but at a greater convenience level. Although
you probably need to turn off keyboard grabbing and such for the pinentry
helper, which does reduce safety. Without turning off keyboard grabbing, you
probably can't paste the password from the clipboard.
HTH,
Peter.
PS: If you do store unprotected key material in your KeePass wallet, mind where
you put it when you want it used by GnuPG. The material could be left on your
hard drive depending on how you do it.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt
More information about the Gnupg-users
mailing list