Release: 1.2.1
Environment
i386, RedHat 7.2 with 2.4.17+LIDS kernel
Description
No authentication of the human user (as opposed to uid) is required when exporting the secret key, which might allow the secret key to be stolen.
This would ordinarily not matter: anyone with access to the user account and read permission on the secret key file can simply copy the file and does not need 'gpg --export-secret-key' at all. However, on a high security system with LIDS (presumably also Security Enhanced Linux or other fine-grained access control systems) it is possible to grant access to the key file to the gpg executable alone and deny every other access method, so the unauthenticated export becomes the only way out.
The same check would also benefit smartcard users, where the key is not stored on an easily copied file system but is still accessible to gpg.
How To Repeat
'gpg -a --export-secret-key' will export the secret key without requiring the key's password or any other authentication of the human entering the command.
Fix
It would be ideal if the user would be prompted for their passphrase before allowing export of the secret key.
I realize this is a really fringe request and apologize if I'm just bothering you.
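The mitigation the report asks for can be approximated outside gpg on a system where export does not prompt. The following wrapper is an added example and is not GnuPG's code or the reporter's: before running 'gpg -a --export-secret-key' it makes the caller sign a freshly generated nonce with the same key and checks that the signature verifies against that key's fingerprint, so the passphrase prompt that '--sign' triggers becomes the authentication step that export lacks. It assumes 'gpg' is in PATH, that '--sign' prompts for the passphrase, and that gpg's machine-readable '--with-colons' and '--status-fd' output is available; the nonce is constructed at run time.

```shell
#!/bin/sh
# Added example (not GnuPG's own code): gate secret key export behind a
# passphrase-backed signing challenge. Assumes gpg is in PATH.

# Resolve a key selector (key id, fingerprint or user id) to the primary key
# fingerprint, using gpg's colon-separated listing. Empty output = unknown key.
fpr_for() {
    gpg --with-colons --with-fingerprint --list-keys "$1" 2>/dev/null \
        | awk -F: '$1=="fpr"{print $10; exit}'
}

# Challenge: sign a random nonce (constructed here, never reused) with the key
# and require that the signature verifies as made by that key. Signing forces
# the passphrase prompt; file-level read access to the keyring is not enough.
prove_key_ownership() {
    keyid=$1
    fpr=$(fpr_for "$keyid")
    [ -n "$fpr" ] || { echo "unknown key: $keyid" >&2; return 1; }
    tmpdir=$(mktemp -d) || return 1
    dd if=/dev/urandom bs=32 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n' \
        > "$tmpdir/nonce"
    if gpg --local-user "$keyid" --output "$tmpdir/nonce.gpg" --sign "$tmpdir/nonce" \
       && gpg --status-fd 1 --verify "$tmpdir/nonce.gpg" 2>/dev/null \
          | grep -q "^\[GNUPG:\] VALIDSIG .*$fpr"; then
        rm -rf "$tmpdir"
        return 0
    fi
    rm -rf "$tmpdir"
    echo "passphrase challenge failed for $keyid" >&2
    return 1
}

# Export only after the challenge succeeds; on failure emit nothing.
export_secret_key_guarded() {
    prove_key_ownership "$1" || return 1
    gpg -a --export-secret-key "$1"
}

# usage: ./guarded-export.sh KEYID > secret.asc
if [ $# -eq 1 ]; then
    export_secret_key_guarded "$1"
fi
```

Binding the check to the fingerprint rather than to a successful signing call alone prevents a caller from satisfying the challenge with some other key they happen to control; the wrapper only helps, of course, where the access control policy lets this script (and not the user's shell) invoke gpg.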