Git-Mirrors/qubes-doc
1
0
Fork 0
mirror of https://github.com/QubesOS/qubes-doc.git synced 2024-10-01 01:25:40 -04:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'mfc-patch-21'

Browse Source
This commit is contained in:
Andrew David Wong 2016-10-21 20:44:04 -07:00
commit 7dbe505cc5
No known key found for this signature in database
GPG Key ID: 8CE137352A019A17
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
security/split-gpg.md
View File

@ -258,10 +258,11 @@ In this example, the following keys are stored in the following locations
leave the `vault` VM, so it is extremely unlikely ever to be obtained by
an adversary (see below). Second, an adversary who *does* manage to obtain
the master secret key either possesses the passphrase to unlock the key
(if one is used), or he does not. If he does, then he can simply use
the passphrase in order to legally extend the expiration date of the key
(or remove it entirely). If he does not, then he cannot use the key at
all. In either case, an expiration date provides no additional benefit.
(if one is used) or does not. An adversary who *does* possess the passphrase
can simply use it to legally extend the expiration date of the key
(or remove it entirely). An adversary who does *not* possess the passphrase
cannot use the key at all. In either case, an expiration date provides no
additional benefit.
By the same token, however, having a passphrase on the key is of little
value. An adversary who is capable of stealing the key from your `vault`