Hey guys, I wanted to ask you how you manage your gpg keys? Having them in plaintext all the time on my hard drive feels insecure.

I have my ssh keys in a password manager (KeePassXC) that only exposes them to the key agent when unlocked. Do you know if something like that exists for pgp too?

  • hummingbird@lemmy.world · 3 points · 11 hours ago

    You should not store your private keys unencrypted. In fact, by default your keys are stored password protected, just as if you’d store them in keepass.

      • Flax@feddit.uk · 3 points · 10 hours ago

        Depends on how strong your password is and the environment you are entering the password in

        • hummingbird@lemmy.world · 1 point · 36 minutes ago

          It differs between software vendors and versions. For example, if you’re using a recent version of gnupg, your key is most likely stored using openpgp-s2k3-ocb-aes. Use that as a starting point to find more information on how good the protection is. I personally would rate it a fair bit lower compared to the key derivation methods used in keepass which focus more on brute force resistance.
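A way to check the point made in this last reply on your own keyring, as an added example that is not part of the thread: GnuPG 2.1 and later stores each secret key under gpg-agent's control as one file per keygrip in `~/.gnupg/private-keys-v1.d/<KEYGRIP>.key`. The S-expression in that file begins with `protected-private-key` (passphrase-protected, with the scheme such as `openpgp-s2k3-ocb-aes` or the older `openpgp-s2k3-sha1-aes-cbc` named inside), `private-key` (stored with no passphrase at all) or `shadowed-private-key` (a stub for a key living on a smartcard). The script below greps for those tokens, which appear literally in both the older binary canonical S-expression form and the newer `Key: (...)` extended format. The `make_sample_keydir` function writes constructed, fake key files so the audit runs offline; the key material in them is made up and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the thread): report how each secret key in a
# gpg-agent private-keys-v1.d directory is protected on disk, and flag
# any key that sits there without a passphrase.

# key_protection FILE -> prints "<keygrip> <status> <scheme>"
key_protection() {
    f=$1
    grip=$(basename "$f" .key)
    # LC_ALL=C so grep treats the (possibly binary) file as plain bytes.
    if LC_ALL=C grep -aq 'shadowed-private-key' "$f"; then
        echo "$grip smartcard-stub -"
    elif LC_ALL=C grep -aq 'protected-private-key' "$f"; then
        # The protection scheme name follows the "protected" tag, e.g.
        # openpgp-s2k3-ocb-aes (recent GnuPG) or openpgp-s2k3-sha1-aes-cbc.
        scheme=$(LC_ALL=C grep -ao 'openpgp-s2k3-[a-z0-9-]*' "$f" | head -n 1)
        echo "$grip protected ${scheme:-unknown-scheme}"
    elif LC_ALL=C grep -aq 'private-key' "$f"; then
        # "private-key" without the "protected-" prefix: no passphrase.
        echo "$grip UNPROTECTED -"
    else
        echo "$grip unrecognised -"
    fi
}

# audit_gpg_keys [DIR] -> one line per key file; returns 1 if any key is
# stored without a passphrase. DIR defaults to the live gpg-agent store.
audit_gpg_keys() {
    dir=${1:-"${GNUPGHOME:-$HOME/.gnupg}/private-keys-v1.d"}
    rc=0
    for f in "$dir"/*.key; do
        [ -e "$f" ] || { echo "no key files in $dir" >&2; return 0; }
        line=$(key_protection "$f")
        echo "$line"
        case $line in *" UNPROTECTED "*) rc=1 ;; esac
    done
    return $rc
}

# Constructed sample key files (fake key material, real token layout) so
# the audit can be exercised without touching a real keyring.
make_sample_keydir() {
    d=$(mktemp -d)
    # extended format, protected with the scheme mentioned in the thread
    printf 'Key: (protected-private-key (rsa (n #C0FFEE#) (e #010001#)\n  (protected openpgp-s2k3-ocb-aes ((sha1 #0123456789ABCDEF# "65011712") #00112233445566778899AABB#) #DEADBEEF#)))\n' > "$d/AAAA.key"
    # older binary canonical S-expression, CBC scheme
    printf '(21:protected-private-key(3:rsa(1:n3:\300\377\356)(1:e1:\003)(9:protected25:openpgp-s2k3-sha1-aes-cbc(' > "$d/BBBB.key"
    # stored with no passphrase at all
    printf 'Key: (private-key (rsa (n #C0FFEE#) (e #010001#) (d #BADC0DE#)))\n' > "$d/CCCC.key"
    # smartcard stub
    printf '(20:shadowed-private-key(3:rsa(1:n3:\300\377\356)(1:e1:\003)(8:shadowed' > "$d/DDDD.key"
    echo "$d"
}

# Run against the constructed samples, then against your own keyring:
#   audit_gpg_keys "$(make_sample_keydir)"
#   audit_gpg_keys
```

To map a keygrip back to a user ID, run `gpg --list-keys --with-keygrip`. Any line reporting `UNPROTECTED` is a key you can re-protect by setting a passphrase with `gpg --edit-key <ID>` and the `passwd` command.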