why exporting private key without passphrase
Werner Koch
wk at gnupg.org
Fri Jul 6 17:04:48 CEST 2007
On Fri, 6 Jul 2007 16:06, dshaw at jabberwocky.com said:
> That said, however, if you are running SELinux you can prevent
> anything but GPG from reading the secring.gpg. In that case, a
> passphrase requirement for export is meaningful and useful. It's
> actually on the todo list, but hasn't happened yet.
It would actuall break the SELinux system, thus the proper way to handle
it is to have a seperate binary to allow exporting of secret keys. In
general exporting a secret key is not useful and a proper checme to do
this needs to be integrated into the security setup of the entire
system.
If GnuPG has been build with SELinux support, exporting a secret key is
not possible.
Shalom-Salam,
Werner
More information about the Gnupg-devel
mailing list