[EMAIL PROTECTED] wrote:
> I have been using gpg to encrypt/decrypt files on my computer "for my
> eyes only". I have been using my public/private keypair on my keyring
> to do so. I just discovered that I can encrypt/decrypt local
> files using a symmetric cipher--i.e., you enter one secret passphrase
> to encrypt and then enter the same secret passphrase to decrypt.
> Since my encryption is only for files for myself, do you think using a
> symmetric cipher would be a better idea, or doesn't it matter? Or
> is choice of a passphrase a bigger issue than the type of cipher --
> symmetric vs. public/private keypair?

If your GnuPG keyring files reside on the computer, then either approach is equivalent -- your protection is ultimately determined by the strength of the chosen passphrase protecting the secret key or the encrypted file.

Either method will encrypt the file using a symmetric cipher. The difference is that in OpenPGP, a random session key is generated and that is used to symmetrically encrypt the file. Then, the session key is encrypted using the chosen public key(s).

The passphrase is only one protection on your keypair and it's pretty much the protection of last resort - given an easily guessable/brute-forced passphrase, it's "Game-Over" if an attacker gets access to the keyring files.

Another protection is to physically secure your keyring files (or at the minimum, the secret ring) by storing it on removable media of some sort: floppy, PCMCIA flash card, USB dongle,... and removing that media when you leave the computer. Now, an attacker must have both the media with the secret keyring as well as the secret key's passphrase.

If removable media is not an option, or for additional security on removable media, you may use a disk encryption product such as TrueCrypt to create an encrypted volume to store your keyring files. (Hint: Use a new key and passphrase.)

--
John P. Clizbe                      Inet: John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. PGP/GPG KeyID: 0x608D2A10/0x18BB373A
"what's the key to success?" / "two words: good decisions."
"what's the key to good decisions?" / "one word: experience."
"how do i get experience?" / "two words: bad decisions."
"Just how do the residents of Haiku, Hawai'i hold conversations?"

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users