On Wed, May 16, 2007 at 10:24:51PM -0500, Ryan Malayter wrote:
> On 5/16/07, Peter Todd <[EMAIL PROTECTED]> wrote:
> > Then only that
> > passphrase needs to be securely stored and the secret key can be stored
> > with standard backup procedures.
>
> I believe the originally posted question centered around long-term key
> storage, for which magnetic and optical media are inadequate. Popular
> media would require continual maintenance, such as burning to new
> discs every 5-10 years, or upgrading the tape format to LTO-1600 in
> 2013. Whether or not the private key is protected by a strong pass
> phrase doesn't really matter; how to store and recover a key from
> paper is the challenge.

Yes, but my point is that a private key is used in association with data. So we can simply store the encrypted private key along with the data it is supposed to be used with and store on paper nothing but a relatively short (compared to the whole private key) passphrase.

Having the private key stored better than the data it is to be used with is pointless. If the data is gone, generally the key isn't very useful either.

Of course this is assuming the symmetric encryption is sufficiently secure...

Also note that a key used for *signing* rather than encryption poses problems, but even then if you have enough faith in the symmetrical encryption, and why not, then I see nothing wrong with distributing the private key alongside the data it is signing.

-- 
http://petertodd.ca
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users