why exporting private key without passphrase

Werner Koch wk at gnupg.org
Fri Jul 6 17:04:48 CEST 2007


On Fri,  6 Jul 2007 16:06, dshaw at jabberwocky.com said:

> That said, however, if you are running SELinux you can prevent
> anything but GPG from reading the secring.gpg.  In that case, a
> passphrase requirement for export is meaningful and useful.  It's
> actually on the todo list, but hasn't happened yet.

It would actually break the SELinux system, thus the proper way to handle
it is to have a separate binary to allow exporting of secret keys.  In
general exporting a secret key is not useful and a proper scheme to do
this needs to be integrated into the security setup of the entire
system.

If GnuPG has been built with SELinux support, exporting a secret key is
not possible.


Shalom-Salam,

   Werner




More information about the Gnupg-devel mailing list