On 25/11/16 14:36, Stephan Beck wrote:
> Would you please describe more in detail where (or in which way, in
> which use case) the window is left open?

Let me reuse a bit of quote from an earlier mail:

>>> A2) Export the secret subkey you'd like to use for ssh authentication
>>> purposes and pipe it through openpgp2ssh
>>> gpg2 --export-secret-subkeys \
>>> --export-options export-reset-subkey-passwd [keyID!] | \
>>> openpgp2ssh [keyID] > gpg-auth-keyfile

Here a file is created with most likely mode 0644. It contains an
unencrypted private key, and anyone being quick about it can read the
file until you have time to type....

>>>
>>> A3) Set correct permissions
>>>
>>> chmod 0600 gpg-auth-keyfile

... and from this moment on it is secure. If somebody knew beforehand
you were going to do this on a multi-user system, he could monitor
likely directories programmatically and catch you in the act. Paranoia
mode... on!

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
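
Added example, not part of the original message: a shell sketch of the window between steps A2 and A3 and of one way to avoid it by creating the file with mode 0600 from the start. `emit_key` is a hypothetical stand-in for the gpg2/openpgp2ssh pipeline and prints constructed placeholder text; an ambient umask of 022 is assumed for the "before" case.

```shell
# emit_key is a hypothetical stand-in for the
# "gpg2 --export-secret-subkeys ... | openpgp2ssh [keyID]" pipeline;
# it prints constructed placeholder text, not a real key.
emit_key() {
    printf '%s\n' '-----BEGIN CONSTRUCTED PLACEHOLDER KEY-----'
}

# Permission string of a file, e.g. "-rw-------".
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# As in steps A2/A3: the redirect creates the file under the ambient
# umask (022 assumed), so others can read it until chmod runs.
write_then_chmod() {
    (
        umask 022
        emit_key > "$1"
        mode_of "$1"        # mode during the window
        chmod 0600 "$1"
    )
}

# No window: the subshell's umask makes the file 0600 at creation.
# noclobber (set -C) refuses to write into a file that already exists,
# because umask does not tighten the mode of a pre-existing file.
write_private() {
    (
        umask 077
        set -C
        emit_key > "$1" || exit 1
        mode_of "$1"
    )
}

# Demo in a scratch directory: prints the mode each variant creates.
demo_dir=$(mktemp -d)
write_then_chmod "$demo_dir/before"
write_private "$demo_dir/after"
rm -rf "$demo_dir"
```

With the real pipeline, the same effect comes from running the export inside a subshell that has `umask 077` set, so the original shell's umask is left unchanged.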