Re: [openpgp] Fingerprints
On Mon, Apr 27, 2015 at 4:34 PM, Werner Koch <wk@xxxxxxxxx> wrote:
> On Mon, 27 Apr 2015 19:58, phill@xxxxxxxxxxxxxxx said:
>>> work reliably for mass deployment. Thus for backing up and syncing
>>> private keys they use a letters and digits based code to seed a PRNG.
>> I can't see the point of that.
> The point is that typing
> works more reliably than scanning QR codes.
>> Encrypt the private key(s) under a symmetric key, split the symmetric
>> key into as many shares as you need. Print out the key shares on paper
> Nobody talked about key splitting.
It can be added to either.

The difference between the approaches is as follows:

With generation from seed we take a secret s and then generate K(s)
which requires the generation of the key to be completely

With encryption of the private key we generate and dispose of a random
number p and use it as a seed, generate K(p) and then archive an
encrypted version under symmetric key s.

I prefer the second reason because it can be applied to any public key
algorithm and does not require a specific generation approach. Now
admittedly when we get to ECC algorithms, generation is not exactly
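The two approaches contrasted in the message above, side by side, as an added example that is not part of the original post or of any OpenPGP implementation. Assumptions: the typed code is base32, PBKDF2 stretches it, the private key is treated as opaque bytes, and an XOR pad with an HMAC tag stands in for an authenticated cipher so that only the standard library is needed; all function names are hypothetical.

```python
import base64, hashlib, hmac, secrets

ITERATIONS = 100_000  # assumed work factor for this example

def new_code(nbytes=15):
    """Random letters-and-digits (base32) code, grouped in fours for typing."""
    raw = base64.b32encode(secrets.token_bytes(nbytes)).decode()
    return "-".join(raw[i:i + 4] for i in range(0, len(raw), 4))

def _stretch(code, salt, n):
    # Normalise what the user typed: drop separators, ignore letter case.
    typed = code.replace("-", "").replace(" ", "").upper().encode()
    return hashlib.pbkdf2_hmac("sha256", typed, salt, ITERATIONS, dklen=n)

def key_from_seed(code):
    """Approach 1, K(s): the private key is a pure function of the code."""
    return _stretch(code, b"example-keygen-v1", 32)  # constructed fixed label

def wrap(code, private_key):
    """Approach 2: archive an existing key, encrypted under the code."""
    salt = secrets.token_bytes(16)  # fresh salt, so the pad is never reused
    stream = _stretch(code, salt, len(private_key) + 32)
    pad, mac_key = stream[:-32], stream[-32:]
    ct = bytes(a ^ b for a, b in zip(private_key, pad))
    tag = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    return salt + ct + tag

def unwrap(code, blob):
    """Recover the archived key; reject a mistyped code or altered archive."""
    salt, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    stream = _stretch(code, salt, len(ct) + 32)
    pad, mac_key = stream[:-32], stream[-32:]
    expected = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong code or damaged backup")
    return bytes(a ^ b for a, b in zip(ct, pad))

if __name__ == "__main__":
    code = new_code()
    print("backup code:", code)
    print("K(s):", key_from_seed(code).hex())
    p_key = secrets.token_bytes(32)  # K(p): generated normally, p discarded
    blob = wrap(code, p_key)
    print("archive:", len(blob), "bytes; recovered:", unwrap(code, blob) == p_key)
```

With `key_from_seed` the code alone restores the key but the generation routine can never change; with `wrap` the key can be of any length or algorithm, and recovery needs both the typed code and the stored archive.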