Okay. So being able to export without password is by design then. I don't have anything misconfigured.
This makes it a trivial task to steal someone's secret key. All that's needed is access to the machine for a few seconds when no one is looking.

I do not have enough technical know-how to configure SELinux or AppArmor. Does this mean there is no way to safeguard the secret key, other than the obvious of not letting anyone use my user account? Or are there any security measures that you guys use to protect the secret key from being exported by someone else?

> From: [email protected]
> To: [email protected]
> CC: [email protected]
> Subject: Re: no password needed to export secret-keys?
> Date: Mon, 4 Jun 2012 18:06:08 +0200
>
> On Mon 04.06.2012, 11:56:22, Sam Smith wrote:
>
> Please take care that you reply to the list.
>
> > No, the exported file is NOT protected by the passphrase.
> >
> > If I export the key. And then delete my secret key from my keyring. And now
> > import what I exported, I am not asked for a password before the import is
> > allowed to complete. That is, anyone who gains access to my machine can
> > export my secret key (no password required), take the product of the export
> > to whatever computer they want and then import it (no password required).
>
> You obviously have a completely wrong idea what a passphrase is used for.
>
> A passphrase is (if used) needed for crypto operations which need the private
> key (the numbers). The passphrase just encrypts the key material, not the
> whole exported file. Importing and exporting are not crypto operations.
>
> If you want to prevent others from importing or exporting keys then prevent
> them from accessing the files (a very common IT task that is not related to
> GnuPG).
>
>
> Hauke
> --
> PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
_______________________________________________
Gnupg-users mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
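
The distinction drawn in the quoted reply (the passphrase encrypts the key material, not the exported file) can be checked on the packet itself. This is an added example, not part of the original thread: a Python reader for a binary OpenPGP secret-key packet as laid out in RFC 4880 (version 4 keys, RSA/DSA/Elgamal only) that reports whether the secret part carries string-to-key protection. The function names are this example's own and both sample packets are constructed toy data.

```python
PUBLIC_MPI_COUNT = {1: 2, 2: 2, 3: 2, 16: 3, 17: 4}  # RSA, Elgamal, DSA

def read_packet(data, pos=0):
    """Return (tag, body, next_pos) for the packet starting at pos."""
    first = data[pos]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet header")
    if first & 0x40:  # new-format header
        tag, l0 = first & 0x3F, data[pos + 1]
        if l0 < 192:
            length, hdr = l0, 2
        elif l0 < 224:
            length, hdr = ((l0 - 192) << 8) + data[pos + 2] + 192, 3
        else:
            raise ValueError("length form not handled in this example")
    else:  # old-format header
        tag, ltype = (first >> 2) & 0x0F, first & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not handled")
        n = 1 << ltype  # 1, 2 or 4 length octets
        length, hdr = int.from_bytes(data[pos + 1:pos + 1 + n], "big"), 1 + n
    return tag, data[pos + hdr:pos + hdr + length], pos + hdr + length

def secret_key_protection(body):
    """Describe how a v4 secret-key packet (tag 5 or 7) stores its secret part."""
    if body[0] != 4:
        raise ValueError("only version 4 keys handled")
    algo, pos = body[5], 6  # version(1) + creation time(4) + algorithm(1)
    for _ in range(PUBLIC_MPI_COUNT[algo]):  # public MPIs are always cleartext
        bits = int.from_bytes(body[pos:pos + 2], "big")
        pos += 2 + (bits + 7) // 8
    usage = body[pos]  # string-to-key usage octet
    if usage == 0:     # secret MPIs follow unencrypted
        return {"protected": False, "public_bytes": pos}
    cipher = body[pos + 1] if usage in (254, 255) else usage
    return {"protected": True, "cipher": cipher, "public_bytes": pos}

def sample_packet(tail):
    # Constructed toy RSA key: n = 0xC355 (16 bits), e = 0x010001 (17 bits).
    body = bytes([4, 0, 0, 0, 0, 1]) + b"\x00\x10\xc3\x55\x00\x11\x01\x00\x01" + tail
    return bytes([0xC5, len(body)]) + body  # new-format header, tag 5

# Constructed: usage 254, AES-128 (7), iterated+salted S2K, IV, ciphertext.
PROTECTED = sample_packet(bytes([254, 7, 3, 2]) + b"S" * 8 + b"\x60" + b"I" * 16 + b"C" * 8)
# Constructed: usage 0, then one toy cleartext MPI and its checksum.
UNPROTECTED = sample_packet(b"\x00" + b"\x00\x08\xb5" + b"\x00\xbd")

if __name__ == "__main__":
    for name, pkt in (("protected", PROTECTED), ("unprotected", UNPROTECTED)):
        print(name, secret_key_protection(read_packet(pkt)[1]))
```

In both samples the first 15 body bytes (the public part) are readable without any passphrase; only the bytes after the usage octet differ in whether they are encrypted.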
