No, the exported file is NOT protected by the passphrase.

If I export the key, then delete my secret key from my keyring, and now 
import what I exported, I am not asked for a password before the import is 
allowed to complete. That is, anyone who gains access to my machine can export 
my secret key (no password required), take the product of the export to 
whatever computer they want and then import it (no password required).

I do not see where the security lies. Thanks for the help.

> From: mailinglis...@hauke-laging.de
> To: gnupg-users@gnupg.org
> CC: smick...@hotmail.com
> Subject: Re: no password needed to export secret-keys?
> Date: Mon, 4 Jun 2012 17:22:05 +0200
> 
> On Mon 04.06.2012, 10:27:00, Sam Smith wrote:
> 
> > When I use the command: gpg --armor --output <document name>
> > --export-secret-keys <KeyID>
> > 
> > shouldn't I be asked for the secret key's password before Export is allowed
> > to complete? I've tried this on both Windows 7 and Ubuntu Linux and I'm
> > never asked for a password. This doesn't seem secure to me. I would think
> > that Export should not be allowed to occur until after the key's password
> > is provided. Do I have something mis-configured? Can you explain how this
> > is secure?
> 
> The exported file is protected by the passphrase. That is similar to copying 
> the secring.
> 
> If you want the exported file to have a different passphrase then you have to 
> (make a backup of the secring and then) change the passphrase (--edit-key), 
> export the secret key afterwards and then either change the passphrase back 
> or overwrite the secring with the backup.
> 
> 
> Hauke
> -- 
> PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
