Protecting your private key - passphrase

Werner Koch wk at gnupg.org
Mon Dec 14 10:26:40 CET 2020


Hi!

Let me also add that the private key protection mechanism of OpenPGP
does not work like we would do it these days.  Thus my suggestion has
always been: If you need to convey a private key over a public channel
do not rely on the passphrase protection [1] but wrap the backuped key
in a proper OpenPGP encryption message (public key or symmetric with a
good and different passphrase) for transport.  For backup purposes the
passphrase protection system is okay.


Shalom-Salam,

   Werner


[1] Even if the passphrase is strong enough to be published in the NYT.

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20201214/119946e1/attachment.sig>


More information about the Gnupg-users mailing list