On 27/07/17 11:24, MFPA wrote: > Have you considered using a password manager to remember them?
What would be the purpose? I already fail to see the problem of GnuPG filling in a passphrase it already knows... surely an attacker would try the same thing as well, I don't know what GnuPG not trying a known passphrase would actually gain you in security. GnuPG is not your attacker. Adding a passphrase manager only introduces another layer of indirection plus extra steps for the user to unlock their key, but it seems to solve no actual problem. It just moves the item that is of interest to the attacker. Mario, if you for some reason don't like to unlock both keys at once, for instance so you notice the first time during your session you use your key, you could also add a number to the passphrase. For instance, if your passphrase for both keys is "This is surely suboptimal", you could give one key the passphrase "This is surely suboptimal1" and the other "This is surely suboptimal2". Then GnuPG won't unlock both keys at once, but you still don't need to remember more than when you shared the passphrase. If you can't remember which is 1 and which is 2, use something you can recognise. For instance, if the pinentry asks you "Please unlock key 0x6228A8BC", you could append a C, the very last digit of the identifier. HTH, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users