reasons for needing --allow-secret-key-import?

David Shaw
Fri Feb 22 21:43:02 2002

On Fri, Feb 22, 2002 at 02:35:39PM -0500, Frank Tobin wrote:
> I'm curious as to why the --allow-secret-key-import option is needed.
> From what I can tell, it could only be a problem if imported secret keys were
> automatically trusted (which would be bad), and would as such indicate a
> problem in GnuPG.  Importing untrusted secret keys should not be an issue.

In GnuPG 1.0.6, you can set the trust of a public key to whatever you
like, but if you have the secret key as well, that trust jumps to
"ultimate".  (The assumption is that if you own the secret key, the
key is you.)  Thus the need for the --allow-secret-key-import option
to prevent the bad guys from sending you a secret key which can alter
trust on your keyring.  There is no problem because you cannot import
a secret key without setting the option first.

In 1.0.7, secret keys do not confer any automatic trust, so the
--allow-secret-key-import option is obsolete.


   David Shaw
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson
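The message above describes a keyring where holding a secret key silently raised that key's ownertrust to "ultimate". A practical defender's check for that situation is to audit the exported ownertrust table for ultimate entries you did not assign yourself. The script below is an added example, not code from the thread or from the GnuPG project; it parses the line format that `gpg --export-ownertrust` prints (`FINGERPRINT:TRUSTVALUE:`, where 6 means ultimate) and reports any ultimate-trust fingerprint that is not on an allow list. The sample table and its fingerprints are constructed placeholders.

```shell
#!/bin/sh
# Added example (not part of the original thread). Audits an ownertrust
# table, in the format written by `gpg --export-ownertrust`, for entries
# with trust value 6 (ultimate) that are not on a caller-supplied allow list.
# Trust values in that format: 2 undefined, 3 never, 4 marginal, 5 full, 6 ultimate.

# Constructed sample: three keys, two marked ultimate. Fingerprints are placeholders.
SAMPLE_OWNERTRUST='# List of assigned trustvalues, created 2002-02-22
0000000000000000000000000000000000000001:6:
0000000000000000000000000000000000000002:5:
0000000000000000000000000000000000000003:6:
'

# audit_ultimate ALLOWED
#   Reads an ownertrust table on stdin; ALLOWED is a space-separated list of
#   fingerprints that are expected to be ultimately trusted (your own keys).
#   Prints every ultimate-trust fingerprint not in ALLOWED, one per line.
audit_ultimate() {
    allowed="$1"
    awk -F: -v allowed="$allowed" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        /^#/ || NF < 2 { next }          # skip comment/header and malformed lines
        $2 == 6 && !($1 in ok) { print $1 }
    '
}

# run_sample: audit the constructed table, trusting only the first key.
run_sample() {
    printf '%s' "$SAMPLE_OWNERTRUST" \
        | audit_ultimate "0000000000000000000000000000000000000001"
}

# Real use: gpg --export-ownertrust | audit_ultimate "<your own fingerprints>"
run_sample
```

Any fingerprint the audit prints is a key your keyring treats as an ultimate trust root without you having chosen it; on a pre-1.0.7 keyring, an unexpected entry that also appears in `gpg --list-secret-keys` is exactly the case the option in the thread was guarding against.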