Title Add a way to generate keypairs from a passphrase
Priority feature Status deferred
Category gnupg Due Date
Version 2.0 ExtLink  (go)
Superseder Nosy List werner
Assigned To werner Topics  (help)

Created on 2003-05-22.10:59:39 by gpg, last changed 2009-09-03.10:19:44 by werner.

msg1985 (view) Author: werner Date: 2007-02-23.17:19:22
Implemented in Libgcrypt trunk. 

Now we need to enhance gpg2 to make use of it (decryption part).
The idea is to use one of our special key protection modes and have gpg2
regenerate the secret key from the private one and the passphrase.
msg1971 (view) Author: werner Date: 2007-02-08.16:50:17
Moved to libgcrypt until we have implemented this feature.
msg439 (view) Author: werner Date: 2004-10-13.13:44:41
Its indeed possible but I am not sure whether we will
implement it for 1.4.  It is more likely that it will be
done with the help of libgcrypt and thus sometime appear in
gpg 1.9

msg438 (view) Author: werner Date: 2003-05-25.18:32:52
I will consider this

msg440 (view) Author: gpg Date: 2003-05-22.10:59:39
Release: 1.2.1


 I propose adding a way to generate a keypair where the private key is generated directly from a passphrase.  It should generate and save a public key in the pubring file in the usual way.  Saving a secret key in the secring should be optional.  The idea is to be able to decrypt without needing a secring file.  This is very useful, as evidenced by the fact that people still use the -c option (conventional symmetric encryption) even though you need the passphrase for both decryption and encryption.  It would be good to not need the passphrase for encryption.  An example application would be an automatic backup script.  You would generate encrypted backup files without needing any secret keys.  Then if your computer crashes or melts, you can buy a new computer, install a new OS on it, install GPG on it with no key files, and still be able to recover your backups.  Anyone who's used GPG/PGP for a long time knows that this kind of thing happens more often than it should.  I think the reason PGP didn't have this feature in the beginning is that RSA key generation (the only public-key algorithm then supported by PGP) on those old computers was very slow.  But these days, generating an El-Gamal key from a passphrase is very straightforward (just use a hash function) and even generating an RSA key is reasonably fast (because computers are faster now).  So I think this would be a worthwhile addition.  I'm willing to come up with a patch if the maintainers would like to integrate it.

Date User Action Args
2009-09-03 10:19:44wernersetstatus: in-progress -> deferred
duedate: 2009-03-31.00:00:00 ->
2008-09-30 17:45:44wernersetduedate: 2008-03-31.00:00:00 -> 2009-03-31.00:00:00
2007-12-11 17:17:25wernersetduedate: 2007-12-15.00:00:00 -> 2008-03-31.00:00:00
2007-09-11 20:15:23wernersetduedate: 2007-06-15.00:00:00 -> 2007-12-15.00:00:00
2007-05-07 13:43:13wernersetduedate: 2007-03-31.00:00:00 -> 2007-06-15.00:00:00
2007-04-11 10:00:29wernersetnosy: + werner
2007-03-05 15:24:37wernersetduedate: 2007-03-31.00:00:00
2007-02-23 17:19:22wernersetstatus: chatting -> in-progress
category: libgcrypt -> gnupg
version: 2.0
messages: + msg1985
2007-02-08 16:50:18wernersetcategory: gnupg -> libgcrypt
messages: + msg1971
2004-10-13 13:44:41wernersetstatus: unread -> chatting
messages: + msg439
2003-05-25 18:32:52wernersetassignedto: gnupg-hackers -> werner
messages: + msg438
2003-05-22 10:59:39issue_trackercreate