-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 04.06.2012 18:57, Sam Smith wrote: > > No, the exported file is NOT protected by the passphrase. > > If I export the key. And then delete my secret key from my keyring. > And now Import what I exported, I am not asked for a password > before the import is allowed to complete. That is, Anyone who gains > access to my machine can export my secret key (no password > required), take the product of the export to whatever computer they > want and then import it (no password required). > > I do not see where the security lies. Thanks for the help. > >> From: [email protected] To: [email protected] CC: >> [email protected] Subject: Re: no password needed to export >> secret-keys? Date: Mon, 4 Jun 2012 17:22:05 +0200 >> >> Am Mo 04.06.2012, 10:27:00 schrieb Sam Smith: >> >>> When I use the command: gpg --armor --output <document name> >>> --export-secret-keys <KeyID> >>> >>> shouldn't I be asked for the secret key's password before >>> Export is > allowed >>> to complete? I've tried this on both Windows 7 and Ubuntu Linux >>> and I'm never asked for a password. This doesn't seem secure to >>> me. I would > think >>> that Export should not be allowed to occur until after the >>> key's > password >>> is provided. Do I have something mis-configured? Can you >>> explain how > this >>> is secure? >> >> The exported file is protected by the passphrase. That is similar >> to > copying >> the secring. >> >> If you want the exported file to have a different passphrase then >> you > have to >> (make a backup of the secring and then) change the passphrase > (--edit-key), >> export the secret key afterwards and then either change the >> passphrase > back or >> overwrite the secring with the backup. >> >> >> Hauke -- PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
If you import the key and then sign something with it, you are probably asked for a password. - -- [Mika Suomalainen](https://mkaysi.github.com/) || [gpg --keyserver pool.sks-keyservers.net --recv-keys 4DB53CFE82A46728](http://mkaysi.github.com/PGP/key.txt) || [Why do I sign my emails?](http://mkaysi.github.com/PGP/WhyDoISignEmails.html) || [Please don't send HTML.](http://mkaysi.github.com/articles/complaining/HTML.html) || [This signature](https://gist.github.com/2643070#file_icedove.md) || [Please reply below this line](http://mkaysi.github.com/articles/complaining/topposting.html) ____________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) Comment: Homepage: http://mkaysi.github.com/ Comment: gpg --keyserver pool.sks-keyservers.net 82A46728 Comment: Public key: http://mkaysi.github.com/PGP/key.txt Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJPzfIhAAoJEE21PP6CpGcooSEP/Rc+mJaBEOrG+3ImKYzqRcuM Uw3Lxu8lg1MOpOB2xYWKrY1YBMgAqDJvmP6epRwJGooxRkD+skmVOqV5PuX6wZ3T tTiz4lzSvYIEJFOLZhwTYHxzumtmDeY2CLqpj/JNx3NEOeACtch/l2gWnavFxPkz R5oDt5D+HW8Gq743P7nMysC5MdW5LY+t7KMoZzUHFJszT1FNisKueSYXc1CnTrIt HLm4gLoEEk5rQs+ZQeIEIeXCFDjfNbCBP1u8lVok531rAptuGMCvcHxixxKX2Bku IMDjD9A5LpArfP4eV2XSKmfWaDBl9BK3yN+WFu05SsXtmoUdwnx4T7oQXndsSwP0 avEqfQxQVQ8VI95ARaTlhGtytDfGrSrmb+b76+cPK2Bznwdb/2jUw6ssVQXVP6Tm /IC1ywYIZdxwxSTFGA1JvjppfF0aL0/fW1d9BAG3G4AJ6KH4IEQ/QYofQ0vS3Hf/ MtcJL0LZYV/tuacE5k0K9XDoRJHKkGmiY20GKuqzoscjhXMFOfyyV68n3lnH51E6 Gbw9iHsQkgq9HHGhqNwJcIx3lo6CSGaFZvvy3/ccnlfdo1+1M4IpAvgGaF0BGDsO 5otqlgR+zFp5xOGuPN+/5tCNWNnwVlspL1Sq/rlzhtNXn5+lPsZOPu6o94tHoFlu flp//Z2BBUAgPWNiBMdO =zM+R -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
