Naeem, It's highly unlikely that an individual would be capable of stealing a secret key and using it to decrypt messages. A large corporation or government, maybe. Make your passphrases complex. I'm a little cautious myself with my secret keys, so I use two hardware based approaches to ease my paranoia: 1. I use an openpgp card to keep my normal signing and encryption subkeys secure. 2. I keep my main secret key on a usb flash drive, along with backups of my secret subkeys, and public keys. These are useful resources for further reading: http://www.gnupg.org/howtos/card-howto/en/smartcard-howto.html http://fortytwo.ch/gpg/subkeys Best regards, Harvey
----- Original Message ---- > From: "Afzal, Naeem M" <[EMAIL PROTECTED]> > To: "gnupg-users@gnupg.org" <gnupg-users@gnupg.org> > Sent: Thursday, July 3, 2008 1:36:48 PM > Subject: how to get private key > > Hi > > I have general question regarding private key security. > If a user creates its private public key pair by using some passphrase on a > system. Can this pair be taken to a different system and decrypt files that > were > generated using its public key? My guess is no, but needed to confirm with > you > guys. If it is possible, then how it will be done, any command to list > private > key etc. Also how can we protect where no one can steel this private key from > a > system other than restricting users access to the system? > > Thanks > naeem > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
