On 03/04/17 08:25, Doug Barton wrote: > That said, as long as you have a suitable passphrase your risk of key > compromise is really, really minimal, even if they did get total control > over your device. Barring coercion, the chances of someone guessing your > passphrase is near zero. And currently that's the only way to gain > access to a secret key, even if you have it in your possession.
I might misunderstand what you mean. But when somebody has full access to your device, they can simply log your keystrokes when you type the passphrase, and get your passphrase that way. Key compromise is very well possible without you knowningly handing over the passphrase. More generally, it is impossible to use GnuPG in a meaningful way on a compromised device. I think this generally goes for pretty much all cryptography. Different solutions limit compromise in different ways, but to actually keep on using cryptography problem-free, I don't think that will work. HTH, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
