Hi!

Moses wrote:
> How to better protect private keys of GPG users?

Apart from the *very* good point of Robert, your private key is still protected by its passphrase after you run "gpg --export-secret-key". It therefore cannot be used by someone who does not know the passphrase (however, when someone is able to run commands under your user account, installing a keyboard sniffer should not be too difficult).

The export only gives an attacker convenient access to the key file. But if he can run gpg commands, he could just copy your secring.gpg anyway, so he already has access to the secret key. Asking for a passphrase to export the key would not change anything.

In fact, if you do not intentionally share your user account on your machine, accessing the secret keyring file itself might be achieved far more easily (i.e. via insecure file permissions on ~/.gnupg) than running GnuPG commands under your user account.

So, make sure that nobody except you can execute "gpg --export-secret-key" (on your keyrings) in the first place... :-)

cu,
Sven
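
The file-permission point in the message above, as an added example that is not part of the original post: a small audit that walks a GnuPG home directory and reports every entry that is not owned by the current user or that carries any group/other permission bits. The function name and the report wording are assumptions of this example; the directory defaults to `$GNUPGHOME` or `~/.gnupg`.

```python
import os
import stat
import sys


def audit_gnupg_home(home):
    """Return (path, problem) pairs for entries other users could reach."""
    findings = []
    uid = os.getuid()
    # Check the directory itself plus everything below it.
    paths = [home]
    for root, dirs, files in os.walk(home):
        paths.extend(os.path.join(root, name) for name in dirs + files)
    for path in paths:
        st = os.lstat(path)  # lstat: never follow symlinks
        if stat.S_ISLNK(st.st_mode):
            findings.append((path, "symlink: target is outside this audit"))
            continue
        if st.st_uid != uid:
            findings.append((path, f"owned by uid {st.st_uid}, not {uid}"))
        # Any read/write/execute bit for group or others is a finding.
        extra = stat.S_IMODE(st.st_mode) & (stat.S_IRWXG | stat.S_IRWXO)
        if extra:
            findings.append((path, f"group/other bits set: {extra:03o}"))
    return findings


if __name__ == "__main__":
    default = os.environ.get("GNUPGHOME", os.path.expanduser("~/.gnupg"))
    home = sys.argv[1] if len(sys.argv) > 1 else default
    if not os.path.isdir(home):
        sys.exit(f"{home}: not a directory")
    problems = audit_gnupg_home(home)
    for path, problem in problems:
        print(f"{path}: {problem}")
    # Non-zero exit status so the check can be used from cron or CI.
    sys.exit(1 if problems else 0)
```

A clean result means the directory is mode 700 and its files are mode 600 or stricter, all owned by you; it says nothing about someone who can already run commands under your account.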
