why exporting private key without passphrase

Janusz A. Urbanowicz alex at bofh.net.pl
Fri Jul 6 15:50:15 CEST 2007


On Wed, Jul 04, 2007 at 12:18:16PM -0300, jesus martinez wrote:

> i noticed that using GnuPG anyone who has access to
> a machina where its installed, can export any private
> key without being asked the correct passphrase.
> 
> isnt it a security issue ? what is a computer is
> a public one ?

the keys can be copied without running gpg anyway (they are kept in a
plain file), so there is no point in protecting export process

don't keep secret keys on a public computer

=alx
-- 
JID: alex at hell.pl
PGP: 0x46399138
od zwracania uwagi na detale są lekarze, adwokaci, programiści i zegarmistrze
 -- Czerski



More information about the Gnupg-devel mailing list