I'm going to keep this as short as possible, because we've already hit the point at which we're casting far more heat than light.

> Oddly, I don't recall Jerome ever making a statement remotely like
> "If I steal your decrypted key, ...". I only remember him stating
> that he thought, as did I, that the OP meant that he wanted ways to
> prevent people stealing his secret key material when he said: "what
> is the best way to protect your private key from getting stolen?".
> Anthony interpreted it as somebody stealing the keyring, and Jerome
> disagreed on that interpretation. As do I.

GnuPG depends on you having physical control of the hardware for the duration of your use of the system. If this fails, then there's nothing GnuPG -- or anything, for that matter! -- can do to keep your secret key material safe.

If I put my secret key on a system that is later compromised, I can still be confident in the security of my secret key. If I log into that machine and use my secret key even once, though, that key needs to be considered compromised because I've failed to uphold the absolute prerequisite for GnuPG usage: control of the hardware during my interaction with it.

Secret key material can only be compromised in two situations: either (a) someone you don't trust has root on your system while you're using GnuPG, in which case it's a game-over and the only defense is "well, don't do that, then!", or (b) someone compromises your PC while you're not using GnuPG and steals your private key.

(a) is true, but it doesn't lead anywhere useful. That makes it trivial. Why are we even discussing a triviality?

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users