
7.2.2. Choose a passphrase
Your private key is all that you need to send signed messages and decrypt
messages that you receive on your selected email account. Should the private
key fall into the wrong hands, it would allow someone else to sign messages on
your behalf and decrypt messages that were meant for your eyes only.
Luckily, GnuPG uses an additional layer of protection: the private key is
protected with a secret passphrase. You are being asked here what the secret
passphrase for your new key pair should be: choose something that is easy to
remember but very hard for someone else to guess. Read Section 12.1. for some
suggestions on how to choose a good passphrase.
Enter your passphrase in the Passphrase field, then repeat it in the Passphrase
(repeat) field.
If you forget your passphrase, you will be unable to use your
private key. There is no way to recover the passphrase: your only
hope is to try to remember what the passphrase was. This is a
security feature of GnuPG and cannot be circumvented.
You can also choose not to protect the key with a passphrase by ticking the
option No passphrase, although we strongly recommend against doing so.
7.2.3. Choose the expiry time of the key
It may happen that some day you lose your private key or your passphrase, and
are therefore unable to use your key pair. It may also happen that your private
key gets compromised, e.g. an intruder gains access to your computer and
steals your key pair, or you send someone your private key by mistake.
Furthermore, there might be a breakthrough in cryptanalysis, or simply the
discovery of a weakness in a cryptographic algorithm, although this possibility
is more remote. In that case, the cipher and key size you chose for your key
pair many years ago may no longer offer adequate security by today's standards.
In all these unfortunate cases, it is a good idea to have a key pair that is
valid only for a limited period of time.
The Key Expiry tab allows you to limit the lifespan of your key pair. After the
allotted time, the public key will automatically be marked as invalid (expired),
and other people will be prevented from using it. Messages previously encrypted
and signed with that key pair will still be decryptable and verifiable, though.
Once your key pair has expired you will need to generate another one and
distribute your new public key.
A good lifespan for a key is between 3 and 5 years. You may also choose to
have a key that never expires, although we do not recommend doing so.
It is also possible, and recommended, to create a revocation certificate that you
can use at any time to mark the key as invalid; this will be explained further on.
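Keeping track of when your keys expire is easier from the command line than from the key manager window. The following Python script is an added example and not part of this manual or of GnuPG: it parses the machine-readable output of `gpg --list-keys --with-colons` and reports which keys are revoked, expired, about to expire, or (against the advice above) have no expiry date at all. The key listing embedded in it is constructed sample data, not output from a real keyring.

```python
"""Audit key expiry from `gpg --list-keys --with-colons` output (GnuPG
colon format: field 1 record type, field 2 validity letter with 'e' =
expired and 'r' = revoked, field 5 key ID, field 7 expiry as Unix seconds
or empty for a key that never expires; field 10 of 'uid' is the user ID).
"""
from datetime import datetime, timedelta, timezone

# Constructed sample listing: a key expiring soon, an expired key and a key
# with no expiry date at all.
SAMPLE = """\
pub:u:4096:1:ABCDEF0123456789:1600000000:1735689600::u:::scESC::::::23::0:
uid:u::::1600000000::0000000000000000000000000000000000000000::Alice <alice@example.org>::::::::::0:
pub:e:4096:1:0011223344556677:1500000000:1600000000::-:::scESC::::::23::0:
uid:e::::1500000000::0000000000000000000000000000000000000000::Old Key <old@example.org>::::::::::0:
pub:u:3072:1:1122334455667788:1700000000::::::scESC::::::23::0:
uid:u::::1700000000::0000000000000000000000000000000000000000::Bob <bob@example.org>::::::::::0:
"""
# Fixed "now" (2024-11-01 UTC) so the sample gives reproducible results.
SAMPLE_NOW = datetime(2024, 11, 1, tzinfo=timezone.utc)


def audit_keys(colon_output, now=None, warn_days=90):
    """Map each primary key ID to its first user ID, expiry and status:
    'revoked', 'expired', 'expiring' (within warn_days), 'ok' or 'never'
    (no expiry date set, which the manual advises against)."""
    now = now or datetime.now(timezone.utc)
    keys, current = {}, None
    for line in colon_output.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            expiry = None
            if f[6]:
                expiry = datetime.fromtimestamp(int(f[6]), tz=timezone.utc)
            if f[1] == "r":
                status = "revoked"
            elif f[1] == "e" or (expiry and expiry <= now):
                status = "expired"
            elif expiry is None:
                status = "never"
            elif expiry - now <= timedelta(days=warn_days):
                status = "expiring"
            else:
                status = "ok"
            current = f[4]
            keys[current] = {"uid": None, "expires": expiry, "status": status}
        elif f[0] == "uid" and current and keys[current]["uid"] is None:
            keys[current]["uid"] = f[9]
    return keys
```

Run it against your own keyring with `gpg --list-keys --with-colons` piped into `audit_keys` and a real `now`; a key reported as "expiring" is the cue to generate a new pair and distribute the new public key before the old one stops working.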
Comments on this manual