[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [openpgp] Fingerprints

On Mon, Apr 27, 2015 at 12:23 PM, Werner Koch <wk@xxxxxxxxx> wrote:
> On Mon, 27 Apr 2015 18:03, Daniel.Ranft@xxxxxxxx said:
>> You could use a QR code for at least the business cards? We discussed something like that on the OpenPGP summit a couple of days ago.
> During one session it was remarked that one of the larger participating
> projects got research results on QR codes indicating that QR codes don't
> work reliable for mass deployment.  Thus for backing up and syncing
> private keys they use a letters and digits based code to seed a PRNG.

I can't see the point of that.

Encryption of the private key works fine. We have many resources that
allow us to deposit chunks of data in the cloud and rely on them being
available in the future.

Note that here we are talking about THE cloud, not A cloud. While
there are many clouds for computing, archival storage of vital data is
an example of an application where the network effects come into play.

Encrypt the private key(s) under a symmetric key, split the symmetric
key into as many shares as you need. Print out the key shares on paper
and you are done.

openpgp mailing list