Feature request to require password to export secret key
Closed, Resolved (Public)

Description

Release: 1.2.1

Environment

i386, RedHat 7.2 with 2.4.17+LIDS kernel

Description

No authentication of the human user (as opposed to uid) is required when exporting the secret key, which might allow the secret key to be stolen.

This would ordinarily not matter, because access to the user account with read privileges on the secret key file doesn't usually require 'gpg --export-secret-key' to copy the file. However, on a high security system with LIDS, presumably Security Enhanced Linux, or other fine-grained access control systems it is possible to grant access to the key file to the gpg executable but not to other access methods.

It is possible this would also benefit smartcard users, where the key is not stored on an easily grabbable file system but is accessible to gpg.

How To Repeat

'gpg -a --export-secret-key' will export the secret key without requiring the key's password or any other authentication of the human entering the command.

Fix

It would be ideal if the user would be prompted for their passphrase before allowing export of the secret key.

I realize this is a really fringe request and apologize if I'm just bothering you.

werner added a subscriber: werner. Oct 14 2004, 2:27 PM

Meanwhile I added protection stuff but I am not sure whether entering the passphrase is a sufficient protection. It might be better to have a different gpg version for exporting keys.

Let's discuss this by mail

werner added a comment. Jun 1 2005, 9:10 PM

Not sure whether this is really a good idea. With gnupg
1.9 exporting a secret key will only be possible using a
special tool.

werner removed a project: Stalled.
werner closed this task as Resolved.

We might implement something along with planned changes in gpgme. No concrete
schedule, thus I close this request.