8

What is the main difference of the three? Can I use only one of them for everything (e.g. GPG for SSH authentication)

If I encrypt my private key with a pass-phrase, is it strong enough so that if someone steals my laptop or private key, I'm safe?

If not, what about encrypting my private key with the scrypt algorithm?

dzervas

1 Answer

7

What is the main difference of the three? Can I use only one of them for everything (e.g. GPG for SSH authentication)

  • GnuPG is a free and open-source implementation of the OpenPGP standard.
  • Symantec PGP is a proprietary implementation of the OpenPGP standard.
  • The OpenPGP standard defines ways to sign and encrypt information (like mail, other documents and code/software).
  • OpenSSH is about connecting securely to remote computers. For authenticating, you need some secret; usually this is a passphrase or an SSH key.

With OpenPGP, you hold a secret (private key) which can also be used for authenticating yourself. It needs software support for that, and I haven't heard of any code doing this for (Symantec) PGP, but there is a way of doing this with GnuPG.

If I encrypt my private key with a pass-phrase, is it strong enough so that if someone steals my laptop or private key, I'm safe?

Your password encrypts your private key. The key is safe as long as your password is safe. If your password is too weak (dictionary attacks, not long enough, easy to brute-force for other reasons), your key is vulnerable, too.

Think about how valuable your key is to an attacker and choose fitting security measures, like storing your key offline (at the end of this answer).

If not, what about encrypting my private key with the scrypt algorithm?

If you do so, security depends on the password you're using for scrypt and on scrypt's algorithm. You can achieve the same amount of security with a good OpenPGP password, so there is no need to additionally encrypt your key.

Jens Erat
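The answer says GnuPG can do SSH authentication but does not show how. The following is an added example, not part of the original answer or of the GnuPG project: a small POSIX shell script that writes the gpg-agent configuration which turns on its SSH agent emulation, checks that the setting is present, and prints the line that points SSH clients at gpg-agent's socket. The cache timeouts and the use of a scratch GNUPGHOME directory are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not the original answer's code): make gpg-agent act as the
# SSH agent so a GnuPG authentication subkey can be used for SSH logins.
set -eu

# Write a gpg-agent.conf into the given GnuPG home directory that enables the
# SSH agent protocol and bounds how long an unlocked key stays in memory.
# The timeout values (seconds) are an assumption; choose your own.
write_gpg_agent_conf() {
    dir="$1"
    mkdir -p "$dir"
    chmod 700 "$dir"
    cat > "$dir/gpg-agent.conf" <<'EOF'
# Serve the SSH agent protocol on gpg-agent's own socket.
enable-ssh-support
# Forget an unlocked SSH key after 10 minutes idle, 1 hour at most,
# so a stolen running laptop does not hand out signatures indefinitely.
default-cache-ttl-ssh 600
max-cache-ttl-ssh 3600
EOF
    chmod 600 "$dir/gpg-agent.conf"
}

# Succeed only if the configuration in the given directory enables SSH support.
gpg_agent_ssh_enabled() {
    grep -q '^enable-ssh-support$' "$1/gpg-agent.conf"
}

# Print the shell line that redirects SSH clients to gpg-agent. gpgconf knows
# the real socket path; without it we fall back to the conventional location
# under GNUPGHOME (an assumption, not something gpg-agent guarantees).
ssh_auth_sock_line() {
    if command -v gpgconf >/dev/null 2>&1; then
        sock=$(gpgconf --list-dirs agent-ssh-socket)
    else
        sock="${GNUPGHOME:-${HOME:-}/.gnupg}/S.gpg-agent.ssh"
    fi
    printf 'export SSH_AUTH_SOCK=%s\n' "$sock"
}

# Stand-alone usage: configure a scratch GnuPG home and show the export line.
if [ "${GPG_SSH_EXAMPLE_RUN:-0}" = "1" ]; then
    write_gpg_agent_conf "${GNUPGHOME:-${HOME:-}/.gnupg}"
    ssh_auth_sock_line
fi
```

After the agent is restarted with this configuration (`gpgconf --kill gpg-agent`, then any gpg command starts it again) and the printed `export` line is evaluated in the shell, `ssh-add -L` lists the keys gpg-agent offers. For a GnuPG key to appear there it needs an authentication-capable subkey (added with `addkey` in `gpg --expert --edit-key`), and that subkey's keygrip (from `gpg -K --with-keygrip`) must be listed in `sshcontrol` inside the GnuPG home directory. On the passphrase point of the answer, note that plain OpenSSH keys get the same kind of protection without scrypt: `ssh-keygen -t ed25519 -a 100` stores the key in OpenSSH's newer format with a passphrase-derived key stretched over 100 KDF rounds, so the private key is only as safe as that passphrase.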