Protecting Private key

Brian Greenberg grnbrg at
Thu Dec 2 18:18:11 CET 2004

On Thu, 02 Dec 2004 17:42:46 +0900, tschia at <tschia at> wrote:
> Hi
> I am new  to gpg. It seem to me obtaing the private key is very simple.
> All you need is to execute
> gpg -ao --export  NNNNN
> Are there alternative to protect the private. E.g. a user can retrieve the private key
> provided he/she knows the Passphrase.

Keep in mind that for something like this to work for an attacker,
they must have read rights to your secret keyring.  The fact that read
rights to such a file is quite easy to get (ie:  Anyone with Admin
rights) is why there is a passphrase.

Further,  "gpg -ao --export  NNNNN" exports the *public* key,
in ASCII format.  To export a secret key, one needs to do:

     gpg -ao --export-secret-keys  NNNNN

Of course, all this does is give an ASCII formatted version of the
secret keyring.  While this information is sensitive, it's not very
useful without the passphrase for the secret key.  If an attacker can
get both, then they can use the key as easily as you.  This is why the
paranoid will keep their secret keys on removable media.

(GnuPG novice)
Brian Greenberg
grnbrg at

More information about the Gnupg-users mailing list