why exporting private key without passphrase

Janusz A. Urbanowicz alex at bofh.net.pl
Tue Jul 10 14:57:21 CEST 2007


On Sun, Jul 08, 2007 at 03:07:08PM +0000, jesus martinez wrote:
> Janusz, thanks for replying !
> 
> in my work, many people use my computer.
> 
> - what do i have to do to avoid them to access to
> my private key ?

Private keys are usually stored on a filesystem in a plain
file. Depending on the operating system you run, prohibit other users
from accessing that file (or your whole home directory).

You can use a GPG smartcard; in that scenario, your secret keys reside
on the card. To sign or decrypt you put the card in the reader
connected to the computer. When somebody else uses the computer, you take
away the card with your keys.

> - what happens if there is a trojan made to 
>   get private keys ?

If you use normal storage (file on a filesystem), you lose. If you use
a smartcard, a trojan can only decrypt or sign something instead of
the file you specify.

> i really think that a passphrase must 
> be asked to export private keys.
> 
> what do you think ? and what can i do to protect my
> self ?

Define your threat model. Make a description of what the situation is,
what you want to do, and what you can do (for example if you have
administrative access to the computer).

Then look for a solution.

=alx
-- 
JID: alex at hell.pl
PGP: 0x46399138
paying attention to details is the job of doctors, lawyers, programmers and watchmakers
 -- Czerski
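
An added example, not part of the original message: a POSIX shell check for the file-permission advice in the reply, listing anything in a GnuPG home directory that other local users could reach. The function names are hypothetical, and the default path assumes GnuPG's standard `~/.gnupg` location.

```shell
#!/bin/sh
# Added example (not from the original message). Function names are
# illustrative; GNUPGHOME defaulting to ~/.gnupg is an assumption.

# List every entry under DIR that another local user could reach:
# any group/other permission bit set, or owned by a different uid.
# Returns 0 when nothing is found, 1 on findings, 2 on a bad argument.
audit_gnupg_home() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi
    me=$(id -u)
    # Symlinks are skipped: their own mode bits are not meaningful.
    findings=$(find "$dir" ! -type l \( \
        -perm -040 -o -perm -020 -o -perm -010 -o \
        -perm -004 -o -perm -002 -o -perm -001 -o \
        ! -user "$me" \) -exec ls -ld {} \;)
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Strip all group/other access from DIR and everything below it.
harden_gnupg_home() {
    chmod -R go-rwx "$1"
}

# Stand-alone use: "sh script.sh --check" audits the real keyring directory.
if [ "${1:-}" = "--check" ]; then
    audit_gnupg_home "${GNUPGHOME:-$HOME/.gnupg}"
fi
```

This only covers other unprivileged accounts on the machine; it does nothing against an administrator or against code running as you, which is the trojan case the reply describes.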

More information about the Gnupg-devel mailing list