on Thu, Nov 30, 2000 at 10:09:26PM -0500, Chris Gray (cgray@nowonder.com) wrote:
> >>>>> "kmself" == kmself <kmself@ix.netcom.com> writes:
>
> >> You're probably right about this (IANA security expert), but
> >> these should only be readable by root. Also, if you have a
> >> malicious root, your private key isn't going to be all that
> >> safe anyway.
>
> kmself> Well, on disk, your private key is secured by your
> kmself> passphrase (right?).
>
> I just did a 'less' on my secring.gpg, so... (remember the thread on
> the difficulty of password protecting a directory recently)
>
> I don't think that the private key is encrypted in any way. The fact
> that it has mode 0600 is seen as security enough.
I did:
gpg --armor --export-secret-keys kmself
...which did just that, without prompting for a passphrase. I think you
may be right about that. Hmmm.... Still, the key doesn't work without
the passphrase, right? Need to investigate further.
--
Karsten M. Self <kmself@ix.netcom.com> http://www.netcom.com/~kmself
Evangelist, Zelerate, Inc. http://www.zelerate.org
What part of "Gestalt" don't you understand? There is no K5 cabal
http://gestalt-system.sourceforge.net/ http://www.kuro5hin.org
Attachment:
pgpEOmKguOvTN.pgp
Description: PGP signature