10

What is it about the architecture of GPG that requires me to enter the password of the secret key when I export it with "gpg --export-secret-keys"?

I would expect that gpg can just copy the relevant part out of the keyring and dump it into a file, without a password prompt. After all, the exported form is still encrypted with my password.

hut
  • 329
  • 2
  • 8
  • It is rather reassuring that the password is asked for this kind of operation, otherwise an attacker who controls your terminal could get your secret keys without knowing your password. It's maybe possible to disable this property but it wouldn't be surprising if not. If you want to, you can still try to decrypt the output file. – Raoul722 Feb 27 '16 at 22:31
  • 2
    An attacker who controls your terminal can just look them up from ~/.gnupg. As long as they are similarly encrypted there is no difference. – otus Dec 23 '17 at 09:57
  • I'm voting to close this question as off-topic because it is not about cryptography as defined in our help center. Instead, it is about the usage of a specific program — and the answer can be found in the according user manual. – e-sushi Dec 24 '17 at 08:41

1 Answers1

12

man gpg...

GnuPG may ask you to enter the passphrase for the key. This is required because the internal protection method of the secret key is different from the one specified by the OpenPGP protocol.

I guess that answers it. Though if anybody knows more, feel free to share.

hut
  • 329
  • 2
  • 8