diff options
Diffstat (limited to 'doc/todo/remove_gpg_key_passphrase_from_backed_up_gpg_keys.mdwn')
-rw-r--r-- | doc/todo/remove_gpg_key_passphrase_from_backed_up_gpg_keys.mdwn | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/doc/todo/remove_gpg_key_passphrase_from_backed_up_gpg_keys.mdwn b/doc/todo/remove_gpg_key_passphrase_from_backed_up_gpg_keys.mdwn new file mode 100644 index 0000000..5a370be --- /dev/null +++ b/doc/todo/remove_gpg_key_passphrase_from_backed_up_gpg_keys.mdwn @@ -0,0 +1,17 @@ +Remove gpg key passohrase from gpg keys that keysafe backs up. + +The reason for this is that the user may well forget their gpg key +passphrase, and it's *weird* to restore a key with keysafe's password +and then have it passphrase protected. + +The gpg key passphrase is intended only to keep a key from being used +for a short period of time (a week or so) when the device holding it +is known to have been compromised, so the key can be revoked. +This doesn't really apply to keys backed up with keysafe -- if they get +compromised somehow, the user won't know, and cracking the gpg passphrase +should be almost trivial to an attacker who was able to break keysafe's +password. + +paperkey can remove gpg key passphrases. Is there any better way? +It might make sense for keysafe to prompt for a new gpg passphrase +when restoring. |