PGP Passphrases

A passphrase is a collection of words and characters used by PGP cryptography to encrypt the private key when you create a public/private key pair. It is then needed again to decrypt the private key whenever encrypted files are signed or when files are decrypted.

 

Passphrases differ from passwords only in length. Passwords are usually short -- six to ten characters. Short passwords are acceptable for logging on to a computer system, but they are not safe for use with encryption systems. Passphrases are usually much longer -- up to 100 characters or more. Their greater length makes passphrases more secure.

 

Picking a good passphrase is one of the most important things you can do to preserve the privacy of the files you encrypt using PGP. A passphrase should be:

 

Known only to you
Long enough to be secure
Hard to guess -- even by someone who knows you well
Easy for you to remember and type accurately if necessary
Made up of a combination of upper and lower case characters and digits (for example: TesT03PhrasE)

 

Important

Robo-FTP secures your passphrase by saving it in an encrypted format in the Windows registry along with its other settings. The passphrase is never displayed in the Robo-FTP console window or written to any log file. Be aware, however, that it does appear in clear text in a script file if you specify it there as an argument. Specifying your passphrase during configuration is therefore the most secure method.
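
A defensive check for the caveat above, as an added example that is not part of the original Robo-FTP documentation: it scans script files for PGPENCRYPT or PGPDECRYPT lines that carry a /pw argument and reports each one with the passphrase redacted. The /pw=value spelling, the .s script extension and the sample script are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Commands named on this page whose /pw option takes the PGP passphrase.
PGP_COMMAND = re.compile(r"\b(PGPENCRYPT|PGPDECRYPT)\b", re.IGNORECASE)
# Assumption: the option is written as /pw=value on the same line as the command.
PW_OPTION = re.compile(r"/pw\s*=", re.IGNORECASE)

# Constructed sample script; file names and argument layout are illustrative only.
SAMPLE_SCRIPT = '''\
PGPENCRYPT "report.csv" "report.csv.pgp" /pw=TesT03PhrasE
PGPDECRYPT "inbound.pgp" "inbound.csv"
pgpdecrypt "old.pgp" "old.csv" /pw="TesT03 PhrasE"
'''

def find_cleartext_passphrases(script_text, name="<script>"):
    """Return (name, line_no, command, redacted_line) for PGP lines carrying /pw.

    Commented-out lines are reported too: the passphrase is still readable
    by anyone who can open the file.
    """
    findings = []
    for line_no, line in enumerate(script_text.splitlines(), start=1):
        cmd = PGP_COMMAND.search(line)
        opt = PW_OPTION.search(line)
        if not (cmd and opt):
            continue
        # Drop everything after "/pw=" so that no part of the passphrase
        # (quoted, unquoted or containing spaces) ends up in the report.
        redacted = (line[:opt.start()] + "/pw=<redacted>").strip()
        findings.append((name, line_no, cmd.group(1).upper(), redacted))
    return findings

def scan_tree(root, pattern="*.s"):
    """Scan every script under root; the *.s extension is an assumption."""
    findings = []
    for path in sorted(Path(root).rglob(pattern)):
        text = path.read_text(errors="replace")
        findings.extend(find_cleartext_passphrases(text, str(path)))
    return findings

if __name__ == "__main__":
    for name, line_no, command, redacted in find_cleartext_passphrases(SAMPLE_SCRIPT, "sample.s"):
        print(f"{name}:{line_no}: {command} has a clear-text passphrase: {redacted}")
```

Any script the check reports should have its /pw argument removed in favour of the passphrase saved during configuration, and the exposed passphrase should be treated as known to everyone who could read the file.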

 

 

Related: PGP Public and Private Keys, PGP ASCII Armoring, PGP Digital Signatures

See also: Robo-FTP and PGP Cryptography, PGPENCRYPT /pw option, PGPDECRYPT /pw option