Protecting Private key
Brian Greenberg
grnbrg at gmail.com
Thu Dec 2 18:18:11 CET 2004
On Thu, 02 Dec 2004 17:42:46 +0900, tschia at spymac.com <tschia at spymac.com> wrote:
> Hi
> I am new to gpg. It seems to me obtaining the private key is very simple.
>
> All you need is to execute
> gpg -ao tsPub.ky --export NNNNN
>
> Are there alternatives to protect the private key? E.g. a user can retrieve the private key
> provided he/she knows the Passphrase.

Keep in mind that for something like this to work for an attacker,
they must have read rights to your secret keyring. The fact that read
rights to such a file are quite easy to get (i.e. anyone with Admin
rights) is why there is a passphrase.

Further, "gpg -ao tsPub.ky --export NNNNN" exports the *public* key,
in ASCII format. To export a secret key, one needs to do:

    gpg -ao tsSec.ky --export-secret-keys NNNNN

Of course, all this does is give an ASCII formatted version of the
secret keyring. While this information is sensitive, it's not very
useful without the passphrase for the secret key. If an attacker can
get both, then they can use the key as easily as you. This is why the
paranoid will keep their secret keys on removable media.

Brian.
(GnuPG novice)
--
Brian Greenberg
grnbrg at gmail.com
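
Added example (not part of the original post): a shell check for the point above that an attacker first needs read rights to the secret keyring. It lists anything under the GnuPG home directory that group or other users can access, and can tighten it. Assumptions: the function names are made up for this example, and the keys live under $GNUPGHOME or ~/.gnupg (secring.gpg for GnuPG 1.x, private-keys-v1.d/ for 2.1 and later).

```sh
#!/bin/sh
# Added example: audit who can read a GnuPG home directory.
# Usage: audit_gnupg_home [DIR]   (DIR defaults to $GNUPGHOME or ~/.gnupg)

# Print every path under DIR that grants any permission bit to group or other.
# Returns 0 if clean, 1 if something is exposed, 2 if DIR is missing.
audit_gnupg_home() {
    dir=${1:-${GNUPGHOME:-$HOME/.gnupg}}
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    # POSIX find: "-perm -NNN" matches when all bits in NNN are set, so OR
    # the six group/other bits together to catch any one of them.
    exposed=$(find "$dir" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print)
    if [ -n "$exposed" ]; then
        echo "$exposed" | while IFS= read -r p; do
            echo "EXPOSED: $(ls -ld "$p")"
        done
        return 1
    fi
    echo "OK: only the owner has permission bits on $dir"
    return 0
}

# Tighten permissions: directories 700, regular files 600.
harden_gnupg_home() {
    dir=${1:-${GNUPGHOME:-$HOME/.gnupg}}
    [ -d "$dir" ] || return 2
    find "$dir" -type d -exec chmod 700 {} +
    find "$dir" -type f -exec chmod 600 {} +
}
```

File modes do not stop an administrator account from reading the keyring, which is why the passphrase and removable media mentioned in the post still matter.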