How to protect private keys?
moses.mason at gmail.com
Fri Apr 13 11:43:50 CEST 2007
Understood. Thanks for your help. :)
On 4/13/07, Sven Radde <sven at radde.name> wrote:
> The export only gives an attacker convenient access to the key file. But
> if he can run gpg commands, he could just copy your secring.gpg anyway,
> so he already has access to the secret key. Asking for a passphrase to
> export the key would not change anything.
> In fact, if you do not intentionally share your user account on your
> machine, accessing the secret keyring file itself might be achieved far
> easier (i.e. via insecure file permissions on ~/.gnupg) than running
> GnuPG commands under your user account.
> So, make sure that nobody except you can execute "gpg
> --export-secret-key" (on your keyrings) in the first place... :-)
> cu, Sven
More information about the Gnupg-users