In response to Anton Sherwoods Dec 22 posting: Here's a lame question from a beginner who hasn't even downloaded PGP: Am I supposed to memorize my private key, lest cops beat down the door while I'm out? You would find it difficult to memorize your PGP secret key. It's 384-1024 bits assigned by PGP when it generates a key pair. There's not even any provision for manually entering your secret key. It's only useful in electronic form, on your disk. Which is not to say it may be useful to store it on a floppy at some location removed from the computer in some situations. However, PGP has added something called a "pass phrase" which you can assign to your secret key when you generate a key pair. The pass phrase is optional, but strongly advised. Since you make it up, it should be easy to memorize, so *don't* write it down or store it anywhere where unfriendly forces could find it. PGP uses the pass phrase you assign to encrypt the stored version of the secret key it generates for you. The pass phrase is therefore required (and is prompted for) before the secret key can be used to either decrypt incoming mail or sign outgoing mail. This is your defense against the cops beating down the door. They will find the (encrypted) secret key on your disk. The pass phrase is in your head and you have a right to remain silent; use it. There might be some situation where a judge could order you to give up the pass phrase: you are granted immunity from criminal prosecution (but you don't want to incriminate your friends) or in a civil discovery action. In this case, just claim to have forgotten the pass phrase in the stress of the situation. Stick to that; no-one can prove otherwise. -- edgar@spectrx.saigon.com (Edgar W. Swank) SPECTROX SYSTEMS +1.408.252.1005 Silicon Valley, Ca