Johan Wevers
Sat Feb 17 19:43:00 2001

Stefan Bellon wrote:

> I think it would be a nice addition if GnuPG asked for your passphrase
> when exporting the secret key with --export-secret-key. I know that it
> is not necessary, but it would make it safer against misuse as the key
> couldn't be extracted unattended, ... IYSWIM.
That's quite useless. The key is, also if extracted, still password-protected, and if someone gets your secring this password protection is all there is. If you want to remove the password from the key you need to give it anyway because is is needed for decryption. Besides, it can easily be circumvented by using a hacked version of gpg. This sounds like security by obscurity, generally a bad idea and for an open-source program totally useless. -- ir. J.C.A. Wevers // Physics and science fiction site: // PGP/GPG public keys at