export private key

Volker Gaibler volker.gaibler@urz.uni-heidelberg.de
Tue Sep 24 01:41:02 2002


Hello Norbert,

On Mon, Sep 23, 2002 at 06:16:52PM +0200, Johan Almqvist wrote:
> What can the intruder do with the "stolen" private key without your
> passphrase?

in case this is not clear enough, I'd like to add this remark to Johan's
answer.

The thing that is exported by gpg when exporting the private key is the
passphrase-encrypted private key. It's contained in secring.gpg. So if
the attacker doesn't know your passphrase, he can't get the "real"
(decrypted) private key that is needed for signing, etc.

As you see, the strength of the passphrase is crucial here. In nearly
all cases the passphrase is by far the weakest point - if the system is
compromised / the attacker got the encrypted private key. But in that
case you also have to be aware that the attacker could install
keyloggers, etc. and get the passphrase that way. So keep your system
secure - the passphrase is rather a sheet-anchor.

Volker


--
 Volker Gaibler                                 contact:
 http://www.volker-gaibler.de                   mail@volker-gaibler.de
 OpenPGP key: 0x86ECAC0B
 get my public key from website above
+---------------------------------------------------------------------+
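
Added example (not part of the original message and not GnuPG code): a Python sketch that reads the protection header of a version 4 secret-key packet as laid out in RFC 4880 section 5.5.3 and reports whether the exported secret material is passphrase-encrypted and with which string-to-key (S2K) settings. It assumes binary (dearmored) input with an old-format packet header and an RSA, Elgamal or DSA key; the sample packets and the names `packet_body`, `secret_key_protection` and `wrap` are constructed for illustration.

```python
# Number of public-key MPIs per algorithm id (RFC 4880, 5.5.2): RSA, Elgamal, DSA.
PUBLIC_MPIS = {1: 2, 2: 2, 3: 2, 16: 3, 17: 4}

def packet_body(data):
    """Return (tag, body) of the first packet; old-format headers only."""
    hdr = data[0]
    if hdr & 0xC0 != 0x80 or hdr & 0x03 == 3:
        raise ValueError("expected a binary old-format packet with a definite length")
    n = 1 << (hdr & 0x03)                # length field is 1, 2 or 4 octets
    length = int.from_bytes(data[1:1 + n], "big")
    return (hdr >> 2) & 0x0F, data[1 + n:1 + n + length]

def secret_key_protection(data):
    """Report how the secret material of a v4 secret-key packet is protected."""
    tag, body = packet_body(data)
    if tag not in (5, 7) or body[0] != 4 or body[5] not in PUBLIC_MPIS:
        raise ValueError("expected a v4 RSA/Elgamal/DSA secret key or subkey packet")
    pos = 6                              # version (1) + creation time (4) + algorithm (1)
    for _ in range(PUBLIC_MPIS[body[5]]):
        bits = int.from_bytes(body[pos:pos + 2], "big")
        pos += 2 + (bits + 7) // 8       # skip the public MPIs
    usage = body[pos]                    # string-to-key usage octet
    if usage == 0:
        return {"protected": False}      # secret MPIs are stored in the clear
    if usage not in (254, 255):          # older form: the octet itself is the cipher id
        return {"protected": True, "cipher": usage, "s2k": None}
    cipher, s2k_type, digest = body[pos + 1:pos + 4]
    info = {"protected": True, "cipher": cipher, "s2k": s2k_type, "hash": digest}
    if s2k_type == 3:                    # iterated and salted: 8-octet salt, then count octet
        c = body[pos + 12]
        info["count"] = (16 + (c & 15)) << ((c >> 4) + 6)
    return info

# Constructed samples (not real keys): tiny fake RSA MPIs behind an old-format tag 5 header.
def wrap(body):
    return bytes([0x94, len(body)]) + body

PUB = bytes([4, 0, 0, 0, 0, 1]) + b"\x00\x08\xc3" + b"\x00\x02\x03"
# usage 254, cipher 3 (CAST5), S2K type 3, hash 2 (SHA-1), salt, count octet 0x60, filler
SAMPLE_PROTECTED = wrap(PUB + bytes([254, 3, 3, 2]) + b"S" * 8 + b"\x60" + b"\x00" * 16)
SAMPLE_CLEAR = wrap(PUB + b"\x00" + b"\x00" * 8)

if __name__ == "__main__":
    print(secret_key_protection(SAMPLE_PROTECTED))
    print(secret_key_protection(SAMPLE_CLEAR))
```

The reported hash and iteration count set the cost of each passphrase guess against a copied key file, which is why the passphrase strength discussed above matters.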