-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 John W. Moore III wrote: > Jean-David Beyer wrote: > > >> But if he somehow got your private key, I do not believe he >> would need your passphrase. > > YES! S/He _would_ need the passphrase even if in possession of the > Private/Secret Key. The passphrase is the "key" that unlocks the Secret > Key which is why there is so much emphasis placed on making sure Your > passphrase is a strong one that cannot easily be guessed or 'Social > Engineered'. > > Should an adversary come into possession of the Secret Key they would > then need to brute force attack the passphrase. <SIGH> > You would certainly need the passphrase to get at the contents of secring.gpg. But if I got the secret key from there, would I still need the passphrase? I.e., does the passphrase control access to the _keyring_ or the _key itself_? I suppose I should look it up in the RFC 4880.
- -- .~. Jean-David Beyer Registered Linux User 85642. /V\ PGP-Key: 9A2FC99A Registered Machine 241939. /( )\ Shrewsbury, New Jersey http://counter.li.org ^^-^^ 08:45:01 up 11:37, 4 users, load average: 5.03, 4.38, 4.30 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org iD8DBQFIlGWVPtu2XpovyZoRAt53AJ905TQ2aYuKONX4hZJP+X+4hVOC+QCfREzT qm9WdAefCFLv4USLvS9gFRs= =sumU -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
