On 02/28/2011 04:47 AM, Guy Halford-Thompson wrote:
> Assuming I have password protected secret keys, can I assume that the
> gpg private keyring is secure? I.e., if my private keyring was to
> fall into malicious hands, would the aforesaid hands be able to
> extract any useful information from my password protected keys?
>
> I am not talking about super-hackers cracking the keys here...
> just things like metadata associated with the keys... email addresses,
> who has signed them, expiry date etc...

No. First, all that metadata is in your public key, not your private key.
Second, if your password (should be a "passphrase") is reasonably secure,
and by secure, I mean containing a decent amount of entropy (like 120 bits),
then you can at least sleep at night. No hacker in the immediate future will
be able to use your key until the passphrase is cracked.

With that said, if I knew that my private key had fallen into _anyone's_
hands other than my own, I would publish the revocation certificate
immediately, push it to every public keyserver, and make an announcement of
such to all my contacts. I would then go through the actions of generating a
new key, getting new signatures, etc.
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users