deluid // why no passphrase required ?

Eric erpo41 at hotpop.com
Wed Aug 10 23:40:08 CEST 2005


On Wed, 2005-08-10 at 14:18 -0700, vedaal at hush.com wrote:
> when adding a new userid, gnupg understandably requires a 
> passphrase,
> 
> why doesn't gnupg require a passphrase when deleting a uid ?
> 
> (granted, if someone found my secring.gpg, this would be my least 
> worry ;-)
> 
> but, in principle,
> shouldn't all key editing functions require a passphrase ?

The point of a passphrase is not to ensure data integrity. If someone
has sufficient access to your system, that person could delete your
entire secret keyring (and all of your uids) no matter how gpg
implemented passphrases. secring.gpg is just a file and it can be rm'd.

Adding a uid requires a passphrase because the new uid needs to be
signed, and that requires your secret key. Deleting a uid just means,
more or less, chopping a block of bytes out of secring.gpg.

The passphrase protects your secret key from being used by other
people. 


hth,

Eric





More information about the Gnupg-users mailing list