why exporting private key without passphrase
Janusz A. Urbanowicz
alex at bofh.net.pl
Fri Jul 6 15:50:15 CEST 2007
On Wed, Jul 04, 2007 at 12:18:16PM -0300, jesus martinez wrote:
> i noticed that using GnuPG anyone who has access to
> a machina where its installed, can export any private
> key without being asked the correct passphrase.
>
> isnt it a security issue ? what is a computer is
> a public one ?
the keys can be copied without running gpg anyway (they are kept in a
plain file), so there is no point in protecting export process
don't keep secret keys on a public computer
=alx
--
JID: alex at hell.pl
PGP: 0x46399138
od zwracania uwagi na detale są lekarze, adwokaci, programiści i zegarmistrze
-- Czerski
More information about the Gnupg-devel
mailing list