[pmmail-list] Stupid PGP question(s)

Stefan Kirch pmmail-list@blueprintsoftwareworks.com
Sat, 14 Jul 2001 07:31:06 +0200


Hi!

First of all, this is the PMMail-Mailinglist - not a PGP-list!

On Fri, 13 Jul 2001 23:17:16 -0400, Andrew Webber wrote:

>I have a couple of PGP questions.
>
>1. Am I right in thinking that using the same passphrase to create
>a secret key on two different occasions, will result in two
>different keys?

Yes - the passphrase only protects the key - it has nothing to do
with the contents. It's the same question as: if you use the
same password to protect two ZIP archives, are the archives
the same?

>2. If I'm right about #1, then I really need to keep copies of
>pubring.pkr and secring.skr, especially the latter!  (I have a
>copy, but I figured if necessary I'd just re-generate the key).  Is
>there any significant security issue if I give the keyrings to a
>friend, to a relative, and so on, for safekeeping?

Arg - Please go and read the thousands of PGP manuals. It seems
to me as if you have absolutely no idea of PGP and you are also
on the wrong list.
Ok, here are the answers: You MUST give your public key to everyone
who should send you an encrypted email and everyone who should
be able to verify your signed messages - look at the name, it's
called "Public key". The "Secret key" - ok, what do you think about
that? Right - it's a "secret". If someone gets your secret key,
then he can do everything that you can do - the only protection
is the passphrase, but if he has some good CPUs, he can make a
brute-force attack to check this out.

So, it would be the best thing for you to read a "Starting with
PGP" or something like that!

  Steff
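
The point made in the first answer, as an added example that is not part of the original message and is not PGP's own code: the secret key comes from fresh randomness, and the passphrase only wraps it for storage. All function names are hypothetical; 32 random bytes stand in for a real key pair, and PBKDF2 plus a toy HMAC keystream stand in for PGP's actual passphrase-to-key step and cipher.

```python
import hashlib, hmac, secrets

def generate_secret_key() -> bytes:
    # Stand-in for PGP key generation: fresh randomness, no passphrase input.
    return secrets.token_bytes(32)

def _derive(passphrase: str, salt: bytes):
    # Slow KDF: raises the cost of each offline passphrase guess.
    k = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000, dklen=64)
    return k[:32], k[32:]          # (encryption key, MAC key)

def _keystream(key: bytes, n: int) -> bytes:
    # Toy HMAC-SHA256 counter-mode keystream (illustration only, not PGP's cipher).
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def protect(secret_key: bytes, passphrase: str) -> bytes:
    # Wrap the key for storage: salt || ciphertext || tag.
    salt = secrets.token_bytes(16)
    enc_key, mac_key = _derive(passphrase, salt)
    ct = bytes(a ^ b for a, b in zip(secret_key, _keystream(enc_key, len(secret_key))))
    tag = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    return salt + ct + tag

def unlock(blob: bytes, passphrase: str) -> bytes:
    salt, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    enc_key, mac_key = _derive(passphrase, salt)
    expected = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong passphrase or damaged keyring")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, len(ct))))

if __name__ == "__main__":
    passphrase = "constructed sample passphrase"
    key_1, key_2 = generate_secret_key(), generate_secret_key()
    ring_1 = protect(key_1, passphrase)
    print("same passphrase, same key?", key_1 == key_2)
    print("backup unlocks to key 1?", unlock(ring_1, passphrase) == key_1)
    # key_2 can never stand in for a lost key_1, whatever the passphrase.
```

A regenerated key cannot replace a lost one, so the wrapped keyring itself is what has to be backed up, and anyone holding a copy is limited only by the passphrase.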
