On 19/10/14 22:08, Hauke Laging wrote: > No. Why should that be better / easier than encrypting the whole > archive?
It wouldn't; I simply hadn't thought of it. In other words: >> Or am I still not comprehending what it is you want to do? Indeed. ;) When at some point my thoughts strayed to this mail thread, I suddenly thought "D'Oh! Of course, it's much better to simply wrap it in a symmetrically encrypted archive!". It seems we're on the same page again :). > Especially as there may be other information in ~/.gnupg which you > don't want to become public. trustdb.gpg, yes. I proposed using a blacklist rather than a whitelist, because I suspect useful files might later crop up. I came to realise a trade-off there which needs to be mentioned: if you use a whitelist and miss useful files, your backup is possibly not useful. That's bad. But if you use a blacklist and a file is later added that compromises your security and is included in the backup, that is a security issue. That's worse. But this is mitigated by encrypting the whole backup with a good password. HTH, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter> _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
