First off, I’ll tell you what a key is NOT.
A key is not larger than a breadbox (not usually, anyway)
A key is not an encryption algorithm
A passphrase is not a key
A key is not shaped like a key
A key is not a token (but it can be stored on a token)
A key is not interchangeable between algorithms
A key is not an indication of trust
These are just some of the many misconceptions and misunderstandings about keys that I hear every day. Most of the confusion comes from the fact that we, the people who are computer technology experts, fling the word around so casually and indiscriminately that we confuse the very people we are trying to educate. So I’ll use my description of a key: the computer file that you use with your cryptographic program to start the encryption or decryption process. A key does not encrypt or decrypt anything; the algorithm does that. The information in the key is used to encrypt/decrypt, but it is not the algorithm itself.
There’s nothing really magical about making a key; the cryptographic program does all the work. You can make keys via the command line or with Thunderbird, GPA or Kleopatra, which pass commands to gnupg. The GUI (Graphical User Interface) asks you to give it certain parameters to follow: what type of algorithm it should use, how many bits the key should be composed of, and any expiration date you may want to assign. Before the cryptographic program begins generating the key, it will usually ask you for a passphrase. The passphrase has no bearing on whether or not the key will be strong enough to use. The passphrase is only a protection mechanism to make sure you are the only person who can use the key. It’s kind of like having a PIN for an ATM card: the PIN is the protection and the ATM card is the key.
You have just created a 4096-bit key. Password?? Hmmm…? “ManUn1975”, you say. If you lose your private key then that password will be cracked in under a millisecond. Security agencies like GCHQ hold data on all books, user names, hobbies etc. They also have very powerful computers which will crack your passphrase if it’s too short, too repetitive or contains known words or strings of characters.
A good trick is to take half a sentence from a paragraph on a page of a book, say 16 characters long, for example “half under the steel”, then “that no one can make” and “that’s it.” All of these were taken from a banned book at random pages. Write it out in reverse so:
You may mix up the words if you wish. Then sprinkle some special characters in: “!”$%?@*”. This may take 250 years to crack, but you will be long dead. You may shorten your efforts to 28 characters; that still gives billions of possibilities for what it is. But you get the idea: a strong passphrase is as important as a strong algorithm.
You could take a section out of this string, say 16 characters, which is easy to remember. The key is to make your passphrase very, very strong and for you to remember it. You can always copy your keys and passphrase to the SD card you keep in your camera and then hide that folder. Be aware that the police will take ALL your electronic stuff when they raid your business or home.
The law in the UK states that you must give up your passphrase, but as there are no valid courts in the UK you can tell them to fuck off. Get a good constitutional lawyer.