blob: 5a370be43ed315174649a51efcf8bc0c74f1eb67 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
|
Remove gpg key passohrase from gpg keys that keysafe backs up.
The reason for this is that the user may well forget their gpg key
passphrase, and it's *weird* to restore a key with keysafe's password
and then have it passphrase protected.
The gpg key passphrase is intended only to keep a key from being used
for a short period of time (a week or so) when the device holding it
is known to have been compromised, so the key can be revoked.
This doesn't really apply to keys backed up with keysafe -- if they get
compromised somehow, the user won't know, and cracking the gpg passphrase
should be almost trivial to an attacker who was able to break keysafe's
password.
paperkey can remove gpg key passphrases. Is there any better way?
It might make sense for keysafe to prompt for a new gpg passphrase
when restoring.
|
