no password needed to export secret-keys?

[Kevin Kammer]

On Mon, Jun 04, 2012 at 11:57:02AM -0400 Also sprach Sam Smith:

> No, the exported file is NOT protected by the passphrase.
> 
> If I export the key. And then delete my secret key from my keyring.
> And now Import what I exported, I am not asked for a password before
> the  import is allowed to complete. That is, Anyone who gains access
> to my machine can export my secret key (no password required), take
> the product of the export to whatever computer they want and then
> import it (no password required).
> 
> I do not see where the security lies. Thanks for the help.
> 

The security lies in the fact that the key you are exporting and
importing is itself encrypted.  It is encrypted where it resides on
your keychain, it is encrypted in the file you export, and it is
still encrypted when you import it into another keychain.

Adding a password requirement to --export-secret-keys would add a very
marginal degree of security, because, as has been noted, anyone with
access to your user account on the computer which hosts your keychain
(i.e. someone who could presumably run gpg --export-secret-keys on
your keychain) could just as easily cp the whole darn keychain; they
STILL would not be able to use your key to sign or decrypt without
knowing the passphrase of the key.  The export command really just
provides you with a convenient method of copying a specific key or
keys from your keychain, instead of the whole thing.  

It is almost impossible (or at least not practical) to prevent someone
with physical access to your computer from exporting or copying key
data which is stored on your hard disk, so the key is always stored in
encrypted form, so that even if it is copied, it cannot be used sans
passphrase.  If you are truly concerned about preventing the
possibility that even your encrypted private keys may be copied,
consider a solution such as the OpenPGP card, from which it is
practically infeasible to export the keys at all.