Endpoint Encryption

  • 1.  Symantec Encryption Desktop Exportable Private Keys

    Posted Aug 02, 2015 01:58 AM

    Hello,

    I'm pretty new to file system encryption and had a quick question.

    What is the downside to having a private key exportable? Is this more of a security risk?

    In the situation of getting a new computer, I would assume keys would have to be exportable, otherwise how would you get the private key onto the new machine....?

    Also what about this scenario - Say an attacker logged onto my computer somehow, and took a copy of some data that was encrypted with my PGP key, and also took a copy of the pubring.pkr and secring.skr files that Symantec Encryption Desktop creates in c:\users\username\Documents. The data is pretty secure as it uses the whole public/private key technology to encrypt the data, but none of this really matters as all the attacker would need to know is the passphrase for the keyring.

    So in the scenario, is the data only as secure as the passphrase used to secure the keyring?

    Thanks in advance for the responses.

    Cheers

    Peter



  • 2.  RE: Symantec Encryption Desktop Exportable Private Keys

    Posted Aug 02, 2015 10:09 PM

    Hi Peter,

    Please check below the PGP NetShare File Protection FAQ

    https://support.symantec.com/en_US/article.TECH148964.html

    About exporting the key, it is recommended to have a backup of the keys and also to have a passphrase, which will act as a double layer of protection. The keys and passphrase need to be kept confidential; missing both of these will be perfect for an attacker to access the data.



  • 3.  RE: Symantec Encryption Desktop Exportable Private Keys

    Posted Aug 03, 2015 09:01 AM

    Hi Shahidhussain,

    If an attacker got hold of the keys, what's to stop him from running a brute force attack to try and guess the passphrase? Is the passphrase used for encryption of the private key? If so, what type of encryption is it?

    Sorry for all the questions, and I know there are a lot of "What If" scenarios, but I'm just trying to figure out exactly how all of the technology works.

    Regards,

    Peter

     



  • 4.  RE: Symantec Encryption Desktop Exportable Private Keys
    Best Answer

    Posted Dec 02, 2015 02:21 PM

    Hi Peter,

    The technical difference is simply that a passphrase can contain spaces.  It is then a phrase instead of a word (i.e. "TheCowJumped0verTheMoon!" vs. "The Cow Jumped 0ver The Moon!").

    A passphrase still can be used without spaces, the differentiation is only that it has the ability to use them.  Windows 7 and above allow for spaces, so they would technically be using a passphrase instead of a password.

    I think the main reason to call it a passphrase is simply to remind users that it should be longer, and possibly separated by spaces.  Spaces are a special character, so adding one or more increases the security of the passphrase.

    (The key word is) "IF" an attacker gets your keypair, public and private key, and also guesses the passphrase, then of course he will be able to decrypt the data; however, that is a very rare possibility, unless the keys are not stored in a secure place and the passphrase is not strong enough.



  • 5.  RE: Symantec Encryption Desktop Exportable Private Keys

    Posted Dec 04, 2015 12:41 AM

    Hello,

    Thanks for the follow up Shahidhussain.

    You are right, I guess the keyword is IF they get a hold of the keypair.

    Cheers

    Peter
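
Added example, not part of the original thread and not Symantec's code: in the OpenPGP format (RFC 4880) the secret key material in a keyring is encrypted with a symmetric cipher whose key is derived from the passphrase by a string-to-key (S2K) function, and the packet records which cipher, hash and iteration count were used. The sketch below reads those fields from a version 4 secret-key packet body (header already stripped) so a key owner can check how a key is protected. It assumes `secring.skr` holds RFC 4880 packets; `describe_protection`, `sample_packet` and the sample bytes are constructed for illustration.

```python
import struct

CIPHERS = {3: "CAST5", 7: "AES-128", 8: "AES-192", 9: "AES-256"}   # RFC 4880 sec. 9.2 (subset)
HASHES = {2: "SHA-1", 8: "SHA-256", 10: "SHA-512"}                 # RFC 4880 sec. 9.4 (subset)
MPI_COUNT = {1: 2, 2: 2, 3: 2, 16: 3, 17: 4}                       # public MPIs: RSA, ElGamal, DSA

def mpi(n):
    """Encode an integer as an OpenPGP MPI (2-byte bit length + big-endian value)."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")

def describe_protection(body):
    """Report how the secret material in a version 4 secret-key packet body is protected."""
    if body[0] != 4:
        raise ValueError("only version 4 keys are handled here")
    pos = 6                                   # version(1) + creation time(4) + algorithm(1)
    for _ in range(MPI_COUNT[body[5]]):       # skip the public-key MPIs
        bits = struct.unpack_from(">H", body, pos)[0]
        pos += 2 + (bits + 7) // 8
    usage = body[pos]
    if usage == 0:
        return {"encrypted": False}           # secret key stored in the clear
    if usage not in (254, 255):               # legacy: the octet is itself the cipher id
        return {"encrypted": True, "cipher": CIPHERS.get(usage, usage), "s2k": "simple (MD5)"}
    cipher, s2k_type, hash_id = body[pos + 1], body[pos + 2], body[pos + 3]
    info = {"encrypted": True, "cipher": CIPHERS.get(cipher, cipher),
            "hash": HASHES.get(hash_id, hash_id),
            "s2k": {0: "simple", 1: "salted", 3: "iterated+salted"}.get(s2k_type, s2k_type)}
    if s2k_type == 3:                         # coded count follows the 8-byte salt
        c = body[pos + 12]
        info["hashed_bytes"] = (16 + (c & 15)) << ((c >> 4) + 6)
    return info

def sample_packet(usage_and_s2k):
    """Constructed RSA secret-key packet body (toy modulus, zeroed IV and secret data)."""
    public = bytes([4]) + struct.pack(">I", 1438480680) + bytes([1]) + mpi(0xC0FFEE11) + mpi(65537)
    return public + usage_and_s2k + bytes(8) + bytes(16)

# Constructed samples: AES-256 with iterated+salted SHA-1, and an unprotected key.
PROTECTED = sample_packet(bytes([254, 9, 3, 2]) + b"SALTSALT" + bytes([0x60]))
UNPROTECTED = sample_packet(bytes([0]))

if __name__ == "__main__":
    print(describe_protection(PROTECTED))
    print(describe_protection(UNPROTECTED))
```

A larger `hashed_bytes` value makes each passphrase guess more expensive, but it does not compensate for a short or common passphrase.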