KeePass or any other password wallet to store and transport keys
Doug Barton
dougb at dougbarton.us
Wed Jul 25 20:44:16 CEST 2012
On 07/25/2012 05:29, antispam06 at sent.at wrote:
> I keep the key on the same phisical drive as the encrypted document.
> That's security through obscurity assuming the other one won't know
> where to search for the key, which is not stored with the right
> extension or in the most common place.
I'm still not sure you grasp the security concepts involved here. Short
version, everything that you're doing is useless against a determined
attacker. Particularly, obscuring the location and extension of the key
are incredibly naive, and indicate that you just don't understand what's
going on. I'm sorry to be so blunt, but you keep perpetuating this
discussion even though some really smart people have given you excellent
advice.
The way that you protect your secret key is to hide it behind strong
encryption, with a strong passphrase. GnuPG takes care of the strong
encryption by default, so the passphrase is entirely your responsibility.
That said, given your particular use case, your best bet would be to
forgo encrypting the file to any key at all. Use asymmetric encryption
with a very strong randomly generated password, and store the password
in your KeePass wallet.
Good luck,
Doug
--
If you're never wrong, you're not trying hard enough
More information about the Gnupg-users
mailing list