Mailing List Archive

Public Keyring Security
With the posts of backing up files and anonymous private keys it got me
thinking. Is there a mechanism in place that protects (encrypts) a
public keyring? They can be thought of as sort of an address book or
contact list and with some mail providers encrypting contacts I wondered
if such a thing existed with pgp keys? 

Obviously I know you can install it on an encrypted volume (depending on
your OS) but was curious if the program or even the "pgp standard" took
that into consideration or am I just too bored and that it's a stupid idea?


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Public Keyring Security
> Obviously I know you can install it on an encrypted volume (depending on
> your OS) but was curious if the program or even the "pgp standard" took
> that into consideration or am I just too bored and that it's a stupid idea?

The OpenPGP standard dates back to the mid-1990s, when PGP 3 was first
being considered. (It was never released: the next version of PGP was
actually PGP 5.) Our understanding of the risks of metadata has
evolved significantly since then: it's possible that if OpenPGP were
being designed fresh today on a clean sheet of paper there would be some
mechanism in place to obscure or conceal metadata.

Which is, of course, another way of saying that at present OpenPGP is
completely silent on this subject. If you want your public keyring to
be a confidential secret, the way to do that is to store it on an
encrypted file system.
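
What "address book" means at the byte level, as an added example (not part of the original posts and not GnuPG code): the User ID packets in an OpenPGP packet stream are stored in the clear, so anyone who can read the file can list the contacts. It assumes a binary packet stream such as `gpg --export` output or a legacy pubring.gpg (a pubring.kbx keybox is a different container and is not parsed here); the function names and the sample bytes are constructed for illustration.

```python
USER_ID = 13  # OpenPGP packet tag for a User ID packet (RFC 4880)

def read_packets(data):
    """Yield (tag, body) for each packet in a binary OpenPGP packet stream."""
    pos = 0
    while pos < len(data):
        hdr = data[pos]
        pos += 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:  # new-format header: tag in the low 6 bits
            tag = hdr & 0x3F
            first = data[pos]
            pos += 1
            if first < 192:  # one-octet length
                length = first
            elif first < 224:  # two-octet length
                length = ((first - 192) << 8) + data[pos] + 192
                pos += 1
            elif first == 255:  # five-octet length
                length = int.from_bytes(data[pos:pos + 4], "big")
                pos += 4
            else:
                raise ValueError("partial body lengths are not handled here")
        else:  # old-format header: tag in bits 5-2, length type in bits 1-0
            tag = (hdr >> 2) & 0x0F
            size = 1 << (hdr & 0x03)  # 1, 2 or 4 length octets
            if size == 8:
                raise ValueError("indeterminate length is not handled here")
            length = int.from_bytes(data[pos:pos + size], "big")
            pos += size
        if pos + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[pos:pos + length]
        pos += length

def contacts(data):
    """Return every User ID string stored in clear in the packet stream."""
    return [b.decode("utf-8", "replace") for t, b in read_packets(data) if t == USER_ID]

def _pkt(header, body):  # constructed-sample helper: header octet + one-octet length
    return bytes([header, len(body)]) + body

# Constructed sample: two key blocks whose key material is placeholder bytes.
SAMPLE = (_pkt(0x98, bytes(21)) + _pkt(0xB4, b"Alice Example <alice@example.org>")
          + _pkt(0xC6, bytes(21)) + _pkt(0xCD, b"Bob Example <bob@example.org>"))

if __name__ == "__main__":
    print(contacts(SAMPLE))
```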


Re: Public Keyring Security
That is what I had figured.  Like I said I was just bored and the thought
popped in my head if that was something ever discussed.

On 5/25/2020 12:06 AM, Robert J. Hansen wrote:
>> Obviously I know you can install it on an encrypted volume (depending on
>> your OS) but was curious if the program or even the "pgp standard" took
>> that into consideration or am I just too bored and that it's a stupid idea?
> The OpenPGP standard dates back to the mid-1990s, when PGP 3 was first
> being considered. (It was never released: the next version of PGP was
> actually PGP 5.) Our understanding of the risks of metadata has
> evolved significantly since then: it's possible that if OpenPGP were
> being designed fresh today on a clean sheet of paper there would be some
> mechanism in place to obscure or conceal metadata.
>
> Which is, of course, another way of saying that at present OpenPGP is
> completely silent on this subject. If you want your public keyring to
> be a confidential secret, the way to do that is to store it on an
> encrypted file system.
