no password needed to export secret-keys?

Hauke Laging mailinglisten at
Mon Jun 4 17:22:05 CEST 2012

Am Mo 04.06.2012, 10:27:00 schrieb Sam Smith:

> When I use the command: gpg --armor --output <document name>
> --export-secret-keys <KeyID>
> shouldn't I be asked for the secret key's password before Export is allowed
> to complete? I've tried this on both Windows 7 and Ubuntu Linux and I'm
> never asked for a password. This doesn't seem secure to me. I would think
> that Export should not be allowed to occur until after the key's password
> is provided. Do I have something mis-configured? Can you explain how this
> is secure?

The exported file is protected by the passphrase. That is similar to copying 
the secring.

If you want the exported file to have a different passphrase then you have to 
(make a backup of the secring and then) change the passphrase (--edit-key), 
export the secret key afterwards and then either change the passphrase back or 
overwrite the secring with the backup.

PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 555 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20120604/58e2c984/attachment.pgp>

More information about the Gnupg-users mailing list