[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [openpgp] Fingerprints

On Mon, Apr 27, 2015 at 4:34 PM, Werner Koch <wk@xxxxxxxxx> wrote:
> On Mon, 27 Apr 2015 19:58, phill@xxxxxxxxxxxxxxx said:
>>> work reliable for mass deployment.  Thus for backing up and syncing
>>> private keys they use a letters and digits based code to seed a PRNG.
>> I can't see the point of that.
> The point is that typing
>   A3HT-378G-WE7Q-....
> works more reliable than scanning QR codes.
>> Encrypt the private key(s) under a symmetric key, split the symmetric
>> key into as many shares as you need. Print out the key shares on paper
> Nobody talked about key splitting.

It can be added to either.

The difference between the approaches is as follows

With generation from seed we take a secret s and then generate K(s)
which requires the generation of the key to be completely

With encryption of the private key we generate and dispose of a random
number p and use it as a seed, generate K(p) and then archive an
encrypted version under symmetric key s.

I prefer the second reason because it can be applied to any public key
algorithm and does not require a specific generation approach. Now
admittedly when we get to ECC algorithms, generation is not exactly

openpgp mailing list