On Jun 4, 2012, at 10:27 AM, Sam Smith wrote: > > Hi. > > When I use the command: gpg --armor --output <document name> > --export-secret-keys <KeyID> > > shouldn't I be asked for the secret key's password before Export is allowed > to complete? I've tried this on both Windows 7 and Ubuntu Linux and I'm never > asked for a password. This doesn't seem secure to me. I would think that > Export should not be allowed to occur until after the key's password is > provided. Do I have something mis-configured? Can you explain how this is > secure?
The secret key is encrypted via your passphrase, so it is safe to export. GPG is just copying some bytes from a file on disk, and you could copy the whole file yourself via 'cp' just as easily. Still, you can do things with SELinux to prevent any process from reading the secret key file except GPG, and in that case, it might be reasonable to request a passphrase before exporting the key. David _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
