-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, Aug 30, 2005 at 08:45:19AM -0400, Kevin D. Clark wrote:

> I do something like this, but I don't dare carry my secret keys in
> removable media in an unencrypted format.  So, I encrypt my secret
> stuff with a symmetric cypher, for example:

This is, in fact, exactly what the built-in passphrase system does.

- From http://www.gnupg.org/gph/en/manual.html#AEN513
"To help safeguard your key, GnuPG does not store your raw private key
on disk. Instead it encrypts it using a symmetric encryption
algorithm. That is why you need a passphrase to access the key. Thus
there are two barriers an attacker must cross to access your private
key: (1) he must actually acquire the key, and (2) he must get past
the encryption."


Not that another layer of encryption will hurt, but a sufficiently
complex secret key passphrase will be enough for most users.

- -- 
Matt Brodeur                                                     RHCE
MBrodeur@NextTime.com                         http://www.nexttime.com
PGP ID: 2CFE18A3 / 9EBA 7F1E 42D1 7A43 5884  560C 73CF D615 2CFE 18A3
Logic is a pretty wreath of flowers that smells bad. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDFGXXc8/WFSz+GKMRAihnAJ9CM6GeE/LqpHgH/CdaMRg9AANtFwCfea77
jgomEobbzKKqnBgXbY6ROM0=
=3ceQ
-----END PGP SIGNATURE-----