3

I have a password database, that can be secured by a passphrase or by providing a GPG key.

I have a GPG key that can be secured via a good password that I can remember, or via a great password that I need to store in a database to remember.

Obviously I cannot secure the GPG key via a passphrase stored in the database if I encrypt the database with the key.

What makes more sense?

1. Protect the database with the GPG key which in turn has a good password or

2. Use a great passphrase to secure the GPG key, but the passphrase is stored in the database which is protected only by a good passphrase.

lindhe
  • 131
  • 4

1 Answer

2

Security-wise, the weakest path to the data - in this case the passwords - is the relevant one.

As it seems that you are not able to remember a passphrase that is really good (and there are questions and answers here that cover how to generate ones that can be remembered very well), it does not really matter which of your options you choose.

I would propose to secure the password database with the GPG key and have that locked with a very good passphrase.

This approach has several benefits, one of them being that you probably use the key more often than the other passwords in the database, and by remembering that passphrase you increase overall usability. Additionally, most operating systems allow you to unlock a GPG keyring for a whole user session; if that is acceptable security-wise, you can improve usability even more.

Tobi Nary
  • 14,302
  • 8
  • 43
  • 58
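A concrete version of the answer's recommendation (option 1: database encrypted to a GPG key, key locked with the one passphrase you memorise, agent caching it for the session), added here as an example and not code from the question or the answer. It assumes GnuPG 2.1 or later is installed as `gpg`, plus `awk` and `mktemp`; it works in a throwaway `GNUPGHOME` so the real keyring is untouched. The passphrase, identity, cache lifetime and the sample database line are constructed values. An interactive user would not pass `--passphrase` at all but answer pinentry once per session; the loopback lines exist only so the script runs unattended.

```shell
#!/bin/sh
# Added example, not code from the question or the answer above: option 1 in
# practice, run inside a throwaway GNUPGHOME so the real keyring is untouched.
# The passphrase, identity, cache lifetime and sample database line are
# constructed values for illustration only.
set -eu

KEY_PASSPHRASE='correct horse battery staple reef'    # the one secret you memorise (constructed)
SAMPLE_DB='mail.example.invalid: alice / hunter2'      # constructed password-database content

# Scratch GnuPG home whose agent keeps an unlocked key for a whole session.
setup_gnupghome() {
    GNUPGHOME="$(mktemp -d /tmp/gh.XXXXXX)"
    export GNUPGHOME
    # default-cache-ttl / max-cache-ttl: seconds gpg-agent keeps the passphrase
    # after one successful unlock (8 h here; GnuPG's defaults are 600 / 7200).
    # allow-loopback-pinentry is only needed so this non-interactive script can
    # pass the passphrase itself; an interactive user omits it and answers pinentry.
    cat > "$GNUPGHOME/gpg-agent.conf" <<'EOF'
default-cache-ttl 28800
max-cache-ttl 28800
allow-loopback-pinentry
EOF
}

# Generate a passphrase-protected key (ed25519 primary, cv25519 encryption
# subkey, no expiry) and print its fingerprint.
generate_key() {
    gpg --batch --quiet --pinentry-mode loopback --generate-key <<EOF
Key-Type: eddsa
Key-Curve: ed25519
Subkey-Type: ecdh
Subkey-Curve: cv25519
Name-Real: Password Store
Name-Email: store@example.invalid
Expire-Date: 0
Passphrase: $KEY_PASSPHRASE
%commit
EOF
    gpg --batch --with-colons --list-keys | awk -F: '$1 == "fpr" { print $10; exit }'
}

# Encrypt the database to the key: $1 plaintext, $2 recipient fingerprint, $3 output.
encrypt_db() {
    gpg --batch --quiet --yes --trust-model always \
        --recipient "$2" --output "$3" --encrypt "$1"
}

# First use in a session: the key has to be unlocked with its passphrase.
unlock_and_decrypt() {
    gpg --batch --quiet --pinentry-mode loopback --passphrase "$KEY_PASSPHRASE" --decrypt "$1"
}

# Later use: --pinentry-mode cancel refuses to prompt, so this only succeeds if
# gpg-agent still holds the passphrase from the first unlock.
decrypt_cached() {
    gpg --batch --quiet --pinentry-mode cancel --decrypt "$1" 2>/dev/null
}

# Whole round trip. Prints the recovered database on stdout; notes go to stderr.
roundtrip() {
    setup_gnupghome
    fpr="$(generate_key)"
    db="$GNUPGHOME/passwords.txt"
    printf '%s\n' "$SAMPLE_DB" > "$db"
    encrypt_db "$db" "$fpr" "$db.gpg"
    rm -f "$db"                            # only the ciphertext stays on disk
    unlock_and_decrypt "$db.gpg"
    if decrypt_cached "$db.gpg" >/dev/null; then
        echo "note: second decrypt was served from the gpg-agent cache" >&2
    else
        echo "note: gpg-agent did not cache the passphrase" >&2
    fi
    gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$GNUPGHOME"
}

if command -v gpg >/dev/null 2>&1; then
    roundtrip
else
    echo "gpg not installed; nothing to demonstrate" >&2
fi
```

The two TTL lines are the part to carry over to a real `~/.gnupg/gpg-agent.conf` (followed by `gpgconf --reload gpg-agent`): they are what turns "type the passphrase on every lookup" into "type it once per session". Whether an 8 h cache is acceptable is the security trade-off the answer refers to; a shorter `max-cache-ttl` bounds how long an unattended, unlocked desktop exposes the whole database.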