no password needed to export secret-keys?
Hauke Laging
mailinglisten at hauke-laging.de
Mon Jun 4 17:22:05 CEST 2012
Am Mo 04.06.2012, 10:27:00 schrieb Sam Smith:
> When I use the command: gpg --armor --output <document name>
> --export-secret-keys <KeyID>
>
> shouldn't I be asked for the secret key's password before Export is allowed
> to complete? I've tried this on both Windows 7 and Ubuntu Linux and I'm
> never asked for a password. This doesn't seem secure to me. I would think
> that Export should not be allowed to occur until after the key's password
> is provided. Do I have something mis-configured? Can you explain how this
> is secure?
The exported file is protected by the passphrase. That is similar to copying
the secring.
If you want the exported file to have a different passphrase then you have to
(make a backup of the secring and then) change the passphrase (--edit-key),
export the secret key afterwards and then either change the passphrase back or
overwrite the secring with the backup.
Hauke
--
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 555 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20120604/58e2c984/attachment.pgp>
More information about the Gnupg-users
mailing list