no password needed to export secret-keys?
Mika Suomalainen
mika.henrik.mainio at hotmail.com
Tue Jun 5 13:48:52 CEST 2012
On 04.06.2012 18:57, Sam Smith wrote:
>
> No, the exported file is NOT protected by the passphrase.
>
> If I export the key. And then delete my secret key from my keyring.
> And now Import what I exported, I am not asked for a password
> before the import is allowed to complete. That is, Anyone who gains
> access to my machine can export my secret key (no password
> required), take the product of the export to whatever computer they
> want and then import it (no password required).
>
> I do not see where the security lies. Thanks for the help.
>
>> From: mailinglisten at hauke-laging.de
>> To: gnupg-users at gnupg.org
>> CC: smickson at hotmail.com
>> Subject: Re: no password needed to export secret-keys?
>> Date: Mon, 4 Jun 2012 17:22:05 +0200
>>
>> On Mon 04.06.2012, 10:27:00 Sam Smith wrote:
>>
>>> When I use the command: gpg --armor --output <document name>
>>> --export-secret-keys <KeyID>
>>>
>>> shouldn't I be asked for the secret key's password before Export is
>>> allowed to complete? I've tried this on both Windows 7 and Ubuntu
>>> Linux and I'm never asked for a password. This doesn't seem secure to
>>> me. I would think that Export should not be allowed to occur until
>>> after the key's password is provided. Do I have something
>>> mis-configured? Can you explain how this is secure?
>>
>> The exported file is protected by the passphrase. That is similar to
>> copying the secring.
>>
>> If you want the exported file to have a different passphrase then you
>> have to (make a backup of the secring and then) change the passphrase
>> (--edit-key), export the secret key afterwards and then either change
>> the passphrase back or overwrite the secring with the backup.
>>
>>
>> Hauke -- PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
If you import the key and then sign something with it, you are
probably asked for a password.
- --
[Mika Suomalainen](https://mkaysi.github.com/) ||
[gpg --keyserver pool.sks-keyservers.net --recv-keys
4DB53CFE82A46728](http://mkaysi.github.com/PGP/key.txt) ||
[Why do I sign my
emails?](http://mkaysi.github.com/PGP/WhyDoISignEmails.html) ||
[Please don't send
HTML.](http://mkaysi.github.com/articles/complaining/HTML.html) ||
[This signature](https://gist.github.com/2643070#file_icedove.md) ||
[Please reply below this
line](http://mkaysi.github.com/articles/complaining/topposting.html)
____________________________
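Whether an exported secret key is still passphrase-protected can be read from the file itself: in OpenPGP (RFC 4880) each secret-key packet carries a string-to-key usage octet after the public-key fields, and a value of 0 means the secret material is stored unencrypted. The following added example (not part of the original thread) parses an export and reports that octet; the function names and the toy sample packets are constructed for illustration, only v4 RSA/Elgamal/DSA keys are handled, and the armor CRC is not verified.

```python
import base64
MPI_COUNT = {1: 2, 2: 2, 3: 2, 16: 3, 17: 4}  # public MPIs: RSA 1-3, Elgamal 16, DSA 17

def dearmor(text):
    """Decode an ASCII-armored export (gpg --armor) into raw packet bytes."""
    lines = [l.strip() for l in text.strip().splitlines()]
    body = lines[lines.index("") + 1:-1]      # after armor headers, before END line
    return base64.b64decode("".join(l for l in body if not l.startswith("=")))

def packets(data):
    """Yield (tag, body) for each packet, old- and new-format headers."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if hdr & 0x40:                        # new-format header
            tag, first, i = hdr & 0x3F, data[i], i + 1
            if first < 192:
                n = first
            elif first < 224:
                n, i = ((first - 192) << 8) + data[i] + 192, i + 1
            elif first == 255:
                n, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                raise ValueError("partial body lengths not handled")
        else:                                 # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 3
            if ltype == 3:
                raise ValueError("indeterminate length not handled")
            n, i = int.from_bytes(data[i:i + (1 << ltype)], "big"), i + (1 << ltype)
        yield tag, data[i:i + n]
        i += n

def protection(body):
    """Read the string-to-key usage octet of a v4 secret-key packet body."""
    if body[0] != 4 or body[5] not in MPI_COUNT:
        raise ValueError("only v4 RSA/Elgamal/DSA keys handled")
    pos = 6                                   # version(1) + created(4) + algo(1)
    for _ in range(MPI_COUNT[body[5]]):       # skip the public MPIs
        bits = int.from_bytes(body[pos:pos + 2], "big")
        pos += 2 + (bits + 7) // 8
    return "unprotected" if body[pos] == 0 else "passphrase-protected"

def check_export(data):                       # tags 5/7 = secret key / secret subkey
    return [(tag, protection(body)) for tag, body in packets(data) if tag in (5, 7)]

# Constructed toy packets (not real keys); the protected one stops after the S2K header
PUB = bytes.fromhex("044fcdf221" "01" "0010c5a1" "0011010001")
SAMPLE_PROTECTED = bytes([0x94, len(PUB) + 13]) + PUB + bytes.fromhex("fe090302" + "00" * 8 + "60")
SAMPLE_CLEAR = bytes([0x94, len(PUB) + 1]) + PUB + b"\x00"
```

On a real export, pass the bytes written by `gpg --export-secret-keys <KeyID>` to `check_export`, running armored output through `dearmor` first.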