Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: GnuPG: users

no password needed to export secret-keys?

 

 

GnuPG users RSS feed   Index | Next | Previous | View Threaded


smickson at hotmail

Jun 4, 2012, 7:27 AM

Post #1 of 11 (1750 views)
Permalink
no password needed to export secret-keys?

Hi.

When I use the command: gpg --armor --output <document name> --export-secret-keys <KeyID>

shouldn't I be asked for the secret key's password before Export is allowed to complete? I've tried this on both Windows 7 and Ubuntu Linux and I'm never asked for a password. This doesn't seem secure to me. I would think that Export should not be allowed to occur until after the key's password is provided. Do I have something mis-configured? Can you explain how this is secure?


Thanks for your assistance.


mailinglisten at hauke-laging

Jun 4, 2012, 8:22 AM

Post #2 of 11 (1725 views)
Permalink
Re: no password needed to export secret-keys? [In reply to]

Am Mo 04.06.2012, 10:27:00 schrieb Sam Smith:

> When I use the command: gpg --armor --output <document name>
> --export-secret-keys <KeyID>
>
> shouldn't I be asked for the secret key's password before Export is allowed
> to complete? I've tried this on both Windows 7 and Ubuntu Linux and I'm
> never asked for a password. This doesn't seem secure to me. I would think
> that Export should not be allowed to occur until after the key's password
> is provided. Do I have something mis-configured? Can you explain how this
> is secure?

The exported file is protected by the passphrase. That is similar to copying
the secring.

If you want the exported file to have a different passphrase then you have to
(make a backup of the secring and then) change the passphrase (--edit-key),
export the secret key afterwards and then either change the passphrase back or
overwrite the secring with the backup.


Hauke
--
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
Attachments: signature.asc (0.54 KB)


mika.henrik.mainio at hotmail

Jun 4, 2012, 8:24 AM

Post #3 of 11 (1727 views)
Permalink
Re: no password needed to export secret-keys? [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

On 04.06.2012 17:27, Sam Smith wrote:
>
> Hi.
>
> When I use the command: gpg --armor --output <document name>
> --export-secret-keys <KeyID>
>
> shouldn't I be asked for the secret key's password before Export is
> allowed to complete? I've tried this on both Windows 7 and Ubuntu
> Linux and I'm never asked for a password. This doesn't seem secure
> to me. I would think that Export should not be allowed to occur
> until after the key's password is provided. Do I have something
> mis-configured? Can you explain how this is secure?
>
>
> Thanks for your assistance.

This would be a nice feature to have. If you don't receive any replies
about this, you could report bug to Ubuntu about this and mark it as
security problem.

> ubuntu-bug gnupg


- --
[Mika Suomalainen](https://mkaysi.github.com/) ||
[gpg --keyserver pool.sks-keyservers.net --recv-keys
4DB53CFE82A46728](http://mkaysi.github.com/PGP/key.txt) ||
[Why do I sign my
emails?](http://mkaysi.github.com/PGP/WhyDoISignEmails.html) ||
[Please don't send
HTML.](http://mkaysi.github.com/articles/complaining/HTML.html) ||
[This signature](https://gist.github.com/2643070#file_icedove.md) ||

[Please reply below this
line](http://mkaysi.github.com/articles/complaining/topposting.html)

____________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Homepage: http://mkaysi.github.com/
Comment: gpg --keyserver pool.sks-keyservers.net 82A46728
Comment: Public key: http://mkaysi.github.com/PGP/key.txt
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPzNMpAAoJEE21PP6CpGcoWHQQAMUWn89hMeDiiUEavbQaYBSb
BuIxFN2a65jAq/TDLyYrqlwbndCTfwjZk3WSR34VhohxmJCnyqhIBZg/J9Ab/5n0
oCrB25GnxgoTZqirk4EqVT9n/vckcMUtzuu2Gb/RdqgzamEuSDoPCuGco0/iPwtg
waqSHHUPOOslzvhkr6K70CVWjOOwT5R/5V2Cf1XLdOFd6gGkRQZU1qbuiZWMY7hI
/tO22Ra7pu+gH3o1IDItoiuFNm96CfIMUb8hoREMJDXtyg0bvQrFFPCmplofPQsf
LdD6Cz4Q1ju0M4jM7oSzi0BmkioZJjEeH+M/nP4pv6hPV/PPBBxLHnyc/EE3Ofk9
Y3I4QaxlTTtFdrmgo3RmN3ZiD798eLOeC6FX6NlEflJHEHLCcs+y4CG2+ss7Wqqe
1yW29DNRW1dHLEkTApFB7OV+6K5qbA7T1Ga6DsqgAk5ZAA5Z9F99HOTKTWk3EWmf
nQ9waL+L3eDYhd4eEcRkaQZtwo2XGsNMEpTZMXZVoxk85F9x5ao/LfiT6kijkUb+
J4V5YQYCEinp39z+Fmrwmt5JZuHi0sxTAmvHX0saEScbcMKhXQC1+i+ufQviNBTn
kIjy2GGKUUaSAnuWEpGyQfdaKjxdUHqWNS9rrgHHIRiAZv5FGbZgK0RMcqItUwR/
UfXzHifRiVTbLXQv4HgJ
=oM3u
-----END PGP SIGNATURE-----

_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


dshaw at jabberwocky

Jun 4, 2012, 8:26 AM

Post #4 of 11 (1726 views)
Permalink
Re: no password needed to export secret-keys? [In reply to]

On Jun 4, 2012, at 10:27 AM, Sam Smith wrote:

>
> Hi.
>
> When I use the command: gpg --armor --output <document name> --export-secret-keys <KeyID>
>
> shouldn't I be asked for the secret key's password before Export is allowed to complete? I've tried this on both Windows 7 and Ubuntu Linux and I'm never asked for a password. This doesn't seem secure to me. I would think that Export should not be allowed to occur until after the key's password is provided. Do I have something mis-configured? Can you explain how this is secure?

The secret key is encrypted via your passphrase, so it is safe to export. GPG is just copying some bytes from a file on disk, and you could copy the whole file yourself via 'cp' just as easily.

Still, you can do things with SELinux to prevent any process from reading the secret key file except GPG, and in that case, it might be reasonable to request a passphrase before exporting the key.

David


_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


smickson at hotmail

Jun 4, 2012, 8:57 AM

Post #5 of 11 (1728 views)
Permalink
no password needed to export secret-keys? [In reply to]

No, the exported file is NOT protected by the passphrase.

If I export the key. And then delete my secret key from my keyring. And now Import what I exported, I am not asked for a password before the import is allowed to complete. That is, Anyone who gains access to my machine can export my secret key (no password required), take the product of the export to whatever computer they want and then import it (no password required).

I do not see where the security lies. Thanks for the help.

> From: mailinglisten [at] hauke-laging
> To: gnupg-users [at] gnupg
> CC: smickson [at] hotmail
> Subject: Re: no password needed to export secret-keys?
> Date: Mon, 4 Jun 2012 17:22:05 +0200
>
> Am Mo 04.06.2012, 10:27:00 schrieb Sam Smith:
>
> > When I use the command: gpg --armor --output <document name>
> > --export-secret-keys <KeyID>
> >
> > shouldn't I be asked for the secret key's password before Export is allowed
> > to complete? I've tried this on both Windows 7 and Ubuntu Linux and I'm
> > never asked for a password. This doesn't seem secure to me. I would think
> > that Export should not be allowed to occur until after the key's password
> > is provided. Do I have something mis-configured? Can you explain how this
> > is secure?
>
> The exported file is protected by the passphrase. That is similar to copying
> the secring.
>
> If you want the exported file to have a different passphrase then you have to
> (make a backup of the secring and then) change the passphrase (--edit-key),
> export the secret key afterwards and then either change the passphrase back or
> overwrite the secring with the backup.
>
>
> Hauke
> --
> PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814


mailinglisten at hauke-laging

Jun 4, 2012, 9:06 AM

Post #6 of 11 (1726 views)
Permalink
Re: no password needed to export secret-keys? [In reply to]

Am Mo 04.06.2012, 11:56:22 schrieb Sam Smith:

Please take care that you reply to the list.

> No, the exported file is NOT protected by the passphrase.
>
> If I export the key. And then delete my secret key from my keyring. And now
> Import what I exported, I am not asked for a password before the import is
> allowed to complete. That is, Anyone who gains access to my machine can
> export my secret key (no password required), take the product of the export
> to whatever computer they want and then import it (no password required).

You obviously have a completely wrong idea what a passphrase is used for.

A passphrase is (if used) needed for crypto operations which need the private
key (the numbers). The passphrase just encrypts the key material, not the
whole exported file. Importing and exporting are not crypto operations.

If you want to prevent others from importing or exporting keys then prevent
them from accessing the files (a very common IT task that is not related to
GnuPG).


Hauke
--
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
Attachments: signature.asc (0.54 KB)


smickson at hotmail

Jun 4, 2012, 9:14 AM

Post #7 of 11 (1726 views)
Permalink
RE: no password needed to export secret-keys? [In reply to]

Okay. So being able to export without password is by design then. I don't have anything misconfigured.

This makes it a trivial task to steal someone's secret key. All that's needed is access to the machine for a few seconds when no one is looking.

I am not technically know-how enough to configure SELinux or app-armor. Does this mean there is no way to safeguard the Secret Key, other than the obvious of not letting anyone use my user-account? or is there any security measures that you guys use to protect secret key from being exported by someone else?


> From: mailinglisten [at] hauke-laging
> To: gnupg-users [at] gnupg
> CC: smickson [at] hotmail
> Subject: Re: no password needed to export secret-keys?
> Date: Mon, 4 Jun 2012 18:06:08 +0200
>
> Am Mo 04.06.2012, 11:56:22 schrieb Sam Smith:
>
> Please take care that you reply to the list.
>
> > No, the exported file is NOT protected by the passphrase.
> >
> > If I export the key. And then delete my secret key from my keyring. And now
> > Import what I exported, I am not asked for a password before the import is
> > allowed to complete. That is, Anyone who gains access to my machine can
> > export my secret key (no password required), take the product of the export
> > to whatever computer they want and then import it (no password required).
>
> You obviously have a completely wrong idea what a passphrase is used for.
>
> A passphrase is (if used) needed for crypto operations which need the private
> key (the numbers). The passphrase just encrypts the key material, not the
> whole exported file. Importing and exporting are not crypto operations.
>
> If you want to prevent others from importing or exporting keys then prevent
> them from accessing the files (a very common IT task that is not related to
> GnuPG).
>
>
> Hauke
> --
> PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814


rjh at sixdemonbag

Jun 4, 2012, 9:14 AM

Post #8 of 11 (1729 views)
Permalink
Re: no password needed to export secret-keys? [In reply to]

On 6/4/12 11:57 AM, Sam Smith wrote:
> No, the exported file is NOT protected by the passphrase.

Yes, it is.

Try using the newly-imported secret key. :)

_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


smickson at hotmail

Jun 4, 2012, 9:31 AM

Post #9 of 11 (1727 views)
Permalink
RE: no password needed to export secret-keys? [In reply to]

ah-ha.

Thanks guys!!

I tried to make a detached signature file with the imported key and it asked for password. I finally see what you guys have been telling me. Sorry I'm so dense :0

Yes, someone can export my secret key from my computer and then they can import my secret key into their computer. But to actually sign anything with my secret key they will have to know the password. This is great. So I see now that even if they can export and import my key they cannot use it.

thanks again guys for educating me.


> Date: Mon, 4 Jun 2012 12:14:39 -0400
> From: rjh [at] sixdemonbag
> To: gnupg-users [at] gnupg
> Subject: Re: no password needed to export secret-keys?
>
> On 6/4/12 11:57 AM, Sam Smith wrote:
> > No, the exported file is NOT protected by the passphrase.
>
> Yes, it is.
>
> Try using the newly-imported secret key. :)
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users [at] gnupg
> http://lists.gnupg.org/mailman/listinfo/gnupg-users


Lists.gnupg at mephisto

Jun 4, 2012, 10:16 AM

Post #10 of 11 (1728 views)
Permalink
Re: no password needed to export secret-keys? [In reply to]

On Mon, Jun 04, 2012 at 11:57:02AM -0400 Also sprach Sam Smith:

> No, the exported file is NOT protected by the passphrase.
>
> If I export the key. And then delete my secret key from my keyring.
> And now Import what I exported, I am not asked for a password before
> the import is allowed to complete. That is, Anyone who gains access
> to my machine can export my secret key (no password required), take
> the product of the export to whatever computer they want and then
> import it (no password required).
>
> I do not see where the security lies. Thanks for the help.
>

The security lies in the fact that the key you are exporting and
importing is itself encrypted. It is encrypted where it resides on
your keychain, it is encrypted in the file you export, and it is
still encrypted when you import it into another keychain.

Adding a password requirement to --export-secret-keys would add a very
marginal degree of security, because, as has been noted, anyone with
access to your user account on the computer which hosts your keychain
(i.e. someone who could presumably run gpg --export-secret-keys on
your keychain) could just as easily cp the whole darn keychain; they
STILL would not be able to use your key to sign or decrypt without
knowing the passphrase of the key. The export command really just
provides you with a convenient method of copying a specific key or
keys from your keychain, instead of the whole thing.

It is almost impossible (or at least not practical) to prevent someone
with physical access to your computer from exporting or copying key
data which is stored on your hard disk, so the key is always stored in
encrypted form, so that even if it is copied, it cannot be used sans
passphrase. If you are truly concerned about preventing the
possibility that even your encrypted private keys may be copied,
consider a solution such as the OpenPGP card, from which it is
practically infeasible to export the keys at all.

_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


mika.henrik.mainio at hotmail

Jun 5, 2012, 4:48 AM

Post #11 of 11 (1727 views)
Permalink
Re: no password needed to export secret-keys? [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04.06.2012 18:57, Sam Smith wrote:
>
> No, the exported file is NOT protected by the passphrase.
>
> If I export the key. And then delete my secret key from my keyring.
> And now Import what I exported, I am not asked for a password
> before the import is allowed to complete. That is, Anyone who gains
> access to my machine can export my secret key (no password
> required), take the product of the export to whatever computer they
> want and then import it (no password required).
>
> I do not see where the security lies. Thanks for the help.
>
>> From: mailinglisten [at] hauke-laging To: gnupg-users [at] gnupg CC:
>> smickson [at] hotmail Subject: Re: no password needed to export
>> secret-keys? Date: Mon, 4 Jun 2012 17:22:05 +0200
>>
>> Am Mo 04.06.2012, 10:27:00 schrieb Sam Smith:
>>
>>> When I use the command: gpg --armor --output <document name>
>>> --export-secret-keys <KeyID>
>>>
>>> shouldn't I be asked for the secret key's password before
>>> Export is
> allowed
>>> to complete? I've tried this on both Windows 7 and Ubuntu Linux
>>> and I'm never asked for a password. This doesn't seem secure to
>>> me. I would
> think
>>> that Export should not be allowed to occur until after the
>>> key's
> password
>>> is provided. Do I have something mis-configured? Can you
>>> explain how
> this
>>> is secure?
>>
>> The exported file is protected by the passphrase. That is similar
>> to
> copying
>> the secring.
>>
>> If you want the exported file to have a different passphrase then
>> you
> have to
>> (make a backup of the secring and then) change the passphrase
> (--edit-key),
>> export the secret key afterwards and then either change the
>> passphrase
> back or
>> overwrite the secring with the backup.
>>
>>
>> Hauke -- PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814

If you import the key and then sign something with it, you are
probably asked for a password.


- --
[Mika Suomalainen](https://mkaysi.github.com/) ||
[gpg --keyserver pool.sks-keyservers.net --recv-keys
4DB53CFE82A46728](http://mkaysi.github.com/PGP/key.txt) ||
[Why do I sign my
emails?](http://mkaysi.github.com/PGP/WhyDoISignEmails.html) ||
[Please don't send
HTML.](http://mkaysi.github.com/articles/complaining/HTML.html) ||
[This signature](https://gist.github.com/2643070#file_icedove.md) ||

[Please reply below this
line](http://mkaysi.github.com/articles/complaining/topposting.html)

____________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Homepage: http://mkaysi.github.com/
Comment: gpg --keyserver pool.sks-keyservers.net 82A46728
Comment: Public key: http://mkaysi.github.com/PGP/key.txt
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPzfIhAAoJEE21PP6CpGcooSEP/Rc+mJaBEOrG+3ImKYzqRcuM
Uw3Lxu8lg1MOpOB2xYWKrY1YBMgAqDJvmP6epRwJGooxRkD+skmVOqV5PuX6wZ3T
tTiz4lzSvYIEJFOLZhwTYHxzumtmDeY2CLqpj/JNx3NEOeACtch/l2gWnavFxPkz
R5oDt5D+HW8Gq743P7nMysC5MdW5LY+t7KMoZzUHFJszT1FNisKueSYXc1CnTrIt
HLm4gLoEEk5rQs+ZQeIEIeXCFDjfNbCBP1u8lVok531rAptuGMCvcHxixxKX2Bku
IMDjD9A5LpArfP4eV2XSKmfWaDBl9BK3yN+WFu05SsXtmoUdwnx4T7oQXndsSwP0
avEqfQxQVQ8VI95ARaTlhGtytDfGrSrmb+b76+cPK2Bznwdb/2jUw6ssVQXVP6Tm
/IC1ywYIZdxwxSTFGA1JvjppfF0aL0/fW1d9BAG3G4AJ6KH4IEQ/QYofQ0vS3Hf/
MtcJL0LZYV/tuacE5k0K9XDoRJHKkGmiY20GKuqzoscjhXMFOfyyV68n3lnH51E6
Gbw9iHsQkgq9HHGhqNwJcIx3lo6CSGaFZvvy3/ccnlfdo1+1M4IpAvgGaF0BGDsO
5otqlgR+zFp5xOGuPN+/5tCNWNnwVlspL1Sq/rlzhtNXn5+lPsZOPu6o94tHoFlu
flp//Z2BBUAgPWNiBMdO
=zM+R
-----END PGP SIGNATURE-----

_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users

GnuPG users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.