KeePass or any other password wallet to store and transport keys
Heinz Diehl
htd at fritha.org
Thu Jul 26 14:43:40 CEST 2012
On 26.07.2012, Faramir wrote:
> > That's security through obscurity assuming the other one
> > won't know where to search for the key, which is not stored with
> > the right extension or in the most common place.
> Not right, if your secret key is protected by a passphrase (or
> strong password), it doesn't matter if the attacker know where to find
> it.
It does matter. Because the software which has generated the key can
be flawed, and thus can have generated a flawed key. Nobody has to
know about such flaws, it's quite likely that an attacker chooses not
to publicate information about that, with the effect that he/she can
use the security hole longer (maybe forever). If it's reported, it
will be fixed immediately.
> Actually, the attacked is very likely to know where it is, since
> probably it will be at the default folder.
This is why smartcards exist.
More information about the Gnupg-users
mailing list