From: "Patrick Chkoreff" <[EMAIL PROTECTED]> > From: "Steven T. Cramer" <[EMAIL PROTECTED]> > > > > And if they do get your private key, what will they be able > > > to do with it? Without also having your password, it's useless, no? > > > > No it is not useless. They can use it to unencrypted and message > > encrypted with his public key.
> True: the exported private key is just plain-old-text and completely usable. I haven't been able to export an unencrypted private key using PGP 6.0.2i . I don't even see how this would be possible without you first entering your passphrase - the private key is encrypted (using conventional encryption) using a hash of the passphrase. Have you actually tried decrypting anything using this exported private key? I think you will find a passphrase is still needed. Of course, there are theoretical attacks against encrypted private keys, so you should still keep them secret. --Luc --- You are currently subscribed to e-gold-list as: [email protected] To unsubscribe send a blank email to [EMAIL PROTECTED] Use e-gold's Secure Randomized Keyboard (SRK) when accessing your e-gold account(s) via the web and shopping cart interfaces to help thwart keystroke loggers and common viruses.
