On Fri, Aug 08, 2008 at 06:03:25AM -0400, Faramir wrote:
> zulag wrote:
> > 1. The GnuPG documentation states that "--export-secret-key" is "a
> > security risk". Since no passphrase is asked, I imagine the exported
> > key is not clear text. So why is it a security risk? Because it would
> > make it impossible (useless) to change the secret key passphrase later
> > if the exported encrypted file goes public?
>
> I suppose it is clear text, and that would be the reason for the
> "security risk" warning. The idea of exporting a secret key is to import
> it in another place, so it must be cleartext... unless you want to back
> it up, in that case, you can encrypt it right after exporting it... But all
> this is what I suppose, since I don't remember having exported a secret
> key from the command line.

From a completely dumb user's perspective...

"gpg --export-secret-key --armor" does not require a passphrase - you can just run it, and it gives you the secret key.

I assume that this secret key must be passphrase-encrypted. Otherwise, what's the point of having passphrase protection on the secret keyring, when you can just export the secret key from the secret keyring unencrypted without having to know the passphrase?

Maybe it's considered a security risk because it doesn't necessarily have the usual UNIX (or other OS) permissions set to make it accessible only by its owner? Or maybe it's just there to discourage people from transporting secret keys around?

-- 
David Smith         | Tel: +44 (0)1454 462380  Home: +44 (0)1454 616963
STMicroelectronics  | Fax: +44 (0)1454 462305  Mobile: +44 (0)7932 642724
1000 Aztec West     | TINA: 065 2380           GPG Key: 0xF13192F2
Almondsbury         | Work Email: [EMAIL PROTECTED]
BRISTOL, BS32 4SQ   | Home Email: [EMAIL PROTECTED]