1992-12-28 - Re: Secret PGP Keys

Header Data

From: edgar@spectrx.saigon.com (Edgar W. Swank)
To: Cypherpunks <cypherpunks@toad.com>
Message Hash: 313977a270bb08c547fd610b298a4171006d9e1783227f8cf3999d2ae8864174
Message ID: <s1kewB3w165w@spectrx.saigon.com>
Reply To: N/A
UTC Datetime: 1992-12-28 08:54:17 UTC
Raw Date: Mon, 28 Dec 92 00:54:17 PST

Raw message

From: edgar@spectrx.saigon.com (Edgar W. Swank)
Date: Mon, 28 Dec 92 00:54:17 PST
To: Cypherpunks          <cypherpunks@toad.com>
Subject: Re: Secret PGP Keys
Message-ID: <s1kewB3w165w@spectrx.saigon.com>
MIME-Version: 1.0
Content-Type: text/plain


In response to Anton Sherwoods Dec 22 posting:
 
    Here's a lame question from a beginner who hasn't even downloaded
    PGP:
 
    Am I supposed to memorize my private key, lest cops beat down the
    door while I'm out?
 
You would find it difficult to memorize your PGP secret key.
It's 384-1024 bits assigned by PGP when it generates a key pair.
There's not even any provision for manually entering your secret
key. It's only useful in electronic form, on your disk. Which is not
to say it may be useful to store it on a floppy at some location
removed from the computer in some situations.
 
However, PGP has added something called a "pass phrase" which you
can assign to your secret key when you generate a key pair. The
pass phrase is optional, but strongly advised. Since you make it up,
it should be easy to memorize, so *don't* write it down or store it
anywhere where unfriendly forces could find it.
 
PGP uses the pass phrase you assign to encrypt the stored version of
the secret key it generates for you.  The pass phrase is therefore
required (and is prompted for) before the secret key can be used to
either decrypt incoming mail or sign outgoing mail.
 
This is your defense against the cops beating down the door.  They
will find the (encrypted) secret key on your disk.  The pass phrase is
in your head and you have a right to remain silent; use it.
 
There might be some situation where a judge could order you to give
up the pass phrase: you are granted immunity from criminal prosecution
(but you don't want to incriminate your friends) or in a civil
discovery action.  In this case, just claim to have forgotten the
pass phrase in the stress of the situation. Stick to that; no-one
can prove otherwise.

--
edgar@spectrx.saigon.com (Edgar W. Swank)
SPECTROX SYSTEMS +1.408.252.1005  Silicon Valley, Ca






Thread