ietf-openpgp

Re: [openpgp] Fingerprints

2015-04-27 15:57:56
On Mon, Apr 27, 2015 at 4:34 PM, Werner Koch <wk(_at_)gnupg(_dot_)org> wrote:
> On Mon, 27 Apr 2015 19:58, phill(_at_)hallambaker(_dot_)com said:
>
>>> work reliably for mass deployment.  Thus for backing up and syncing
>>> private keys they use a letters and digits based code to seed a PRNG.
>>
>> I can't see the point of that.
>
> The point is that typing
>
>   A3HT-378G-WE7Q-....
>
> works more reliably than scanning QR codes.
>
>> Encrypt the private key(s) under a symmetric key, split the symmetric
>> key into as many shares as you need. Print out the key shares on paper
>
> Nobody talked about key splitting.

It can be added to either.

The difference between the approaches is as follows:

With generation from seed we take a secret s and then generate K(s)
which requires the generation of the key to be completely
standardized.

With encryption of the private key we generate and dispose of a random
number p and use it as a seed, generate K(p) and then archive an
encrypted version under symmetric key s.


I prefer the second reason because it can be applied to any public key
algorithm and does not require a specific generation approach. Now
admittedly when we get to ECC algorithms, generation is not exactly
complicated.

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
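
The two backup approaches contrasted in the message above, as an added sketch that is not code from the thread or from any OpenPGP implementation. Assumptions: the typed code is RFC 4648 base32 in groups of four, the secret s has a fixed length of 20 bytes, SHAKE-256 stands in for a KDF, and a SHAKE-256 keystream with an HMAC-SHA256 tag stands in for a vetted AEAD so that the block runs on the standard library alone. All function names are hypothetical.

```python
import base64, hashlib, hmac, secrets

def code_from_secret(s: bytes) -> str:
    """Render s as a typeable code: base32 letters and digits in groups of four."""
    b32 = base64.b32encode(s).decode().rstrip("=")
    return "-".join(b32[i:i + 4] for i in range(0, len(b32), 4))

def secret_from_code(code: str) -> bytes:
    """Parse a typed code, tolerating lower case, spaces and dashes."""
    b32 = "".join(code.split()).replace("-", "").upper()
    return base64.b32decode(b32 + "=" * (-len(b32) % 8))

def derive(s: bytes, label: bytes, n: int) -> bytes:
    """Assumed KDF for this sketch: SHAKE-256 over the fixed-length secret and a label."""
    return hashlib.shake_256(s + label).digest(n)

# Approach 1: K(s). Recovery needs only the typed code, but every
# implementation must derive the key in exactly the same way.
def key_from_seed(s: bytes) -> bytes:
    return derive(s, b"private-key", 32)  # e.g. a 32-byte ECC private key

# Approach 2: the key was generated from a discarded random p; only an
# encrypted copy is archived under s. Works for key bytes of any algorithm.
def archive_key(s: bytes, private_key: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    stream = derive(s, b"enc" + nonce, len(private_key))
    ct = bytes(a ^ b for a, b in zip(private_key, stream))
    tag = hmac.new(derive(s, b"mac", 32), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def restore_key(s: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(derive(s, b"mac", 32), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("wrong code or damaged archive")
    stream = derive(s, b"enc" + nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

if __name__ == "__main__":
    s = secrets.token_bytes(20)           # constructed 160-bit secret
    code = code_from_secret(s)
    print("paper code:", code)
    typed = secret_from_code(code.lower())
    print("approach 1 repeatable:", key_from_seed(typed) == key_from_seed(s))
    p_key = secrets.token_bytes(48)       # constructed key bytes, any algorithm
    print("approach 2 restored:", restore_key(typed, archive_key(s, p_key)) == p_key)
```

In approach 1 the paper code is the whole backup; in approach 2 the archived blob must be kept as well, and the code alone recovers nothing.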
