confirmation for --export-secret-key

Huels, Ralf KSV
20 Nov 2000 16:12:14 +0100

> If you have acccess to .mutrc you have alos access to
> .gnupg/secring.gpg - so who cares.
> While I may not agree with the initial author's request to have a prompt
> for exporting the secret key, Werner's statement here is not necessarily
> correct, and implies people are only working with a 'standard' system.
ACK. I would also assume that users might not take equal care installing (e.g.) a new mutt distribution as they would installing a GnuPG update. Checking authenticity of the source might be more obvious with crypto software. So I would not assume equal security for all programs. Of course, an atacker might sneak code into the mutt source that can access secring.gpg directly, but that seems to be more effort than simply adding a function that calls gpg to make it spill it´s guts. Tschuess, Ralf -- Ralf Hüls Bismarckplatz KSV Kreditschutz-Vereinigung GmbH 44866 Bochum Score-Consult Tel. 02327/9114-28 Fax. 02327/8 40 27 -- Archive is at - Unsubscribe by sending mail with a subject of "unsubscribe" to