[Owasp-leaders] Is it ok to share the PGP Keys and keep the PassPhrase private?

Jim Manico jim.manico at owasp.org
Thu Oct 14 06:31:38 EDT 2010


> PGP (creating keys, encrypting/decrypting text and encrypting/decrypting files)

That's the easy stuff; it's no big deal. You are missing the real challenge of applied cryptography: key management. Also, if you are still thinking about "master keys" or "storing keys using OS controls", your defensive theory is off by over a decade or more.

See: 
http://www.owasp.org/index.php/Cryptographic_Storage_Cheat_Sheet#Rule_-_Ensure_that_any_secret_key_is_protected_from_unauthorized_access

-Jim Manico
http://manico.net

On Oct 14, 2010, at 3:08 PM, dinis cruz <dinis.cruz at owasp.org> wrote:

> PGP (creating keys, encrypting/decrypting text and encrypting/decrypting files)