no password needed to export secret-keys?

Hauke Laging mailinglisten at hauke-laging.de
Mon Jun 4 18:06:08 CEST 2012


Am Mo 04.06.2012, 11:56:22 schrieb Sam Smith:

Please take care that you reply to the list.

> No, the exported file is NOT protected by the passphrase.
> 
> If I export the key. And then delete my secret key from my keyring. And now
> Import what I exported, I am not asked for a password before the  import is
> allowed to complete. That is, Anyone who gains access to my machine can
> export my secret key (no password required), take the product of the export
> to whatever computer they want and then import it (no password required).

You obviously have a completely wrong idea what a passphrase is used for.

A passphrase is (if used) needed for crypto operations which need the private 
key (the numbers). The passphrase just encrypts the key material, not the 
whole exported file. Importing and exporting are not crypto operations.

If you want to prevent others from importing or exporting keys then prevent 
them from accessing the files (a very common IT task that is not related to 
GnuPG).


Hauke
-- 
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 555 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20120604/40c9a741/attachment.pgp>


More information about the Gnupg-users mailing list