Access to secret key?
If someone sat down at my computer and opened up GPG Keychain
Access, wouldn't they have access to my secret key?
(Let's forget about keeping your computer password protected for the
moment)
Could they steal the key and do anything with it?
Support Staff 1 Posted by Steve on 13 Aug, 2012 03:51 PM
– UPDATED on 2015-07-08 as the previous answer was incomplete! –
If someone gains access to your laptop without having a password set up in OSX screensaver, all kinds of things can happen. Starting with key loggers being installed and ending with all kinds of malware running on your system. So probably then, leaked sec keys (but not their passphrases - with which they are still protected) are one of the minor issues you'd be facing in that scenario.
The above already includes the countermeasure to this issue: set up a screensaver with a password which kicks in after a few minutes of unused time if you work in multidesk work environments or travel a lot.
Since secret keys are still protected with the passphrase, it's the combination of physical access to the sec key plus knowing the passphrase that makes up the security of key pair encryption (and of course the web of trust). So if your secret key gets stolen, you are not completely lost and the attacker could not sign fake mails from that key if they do not have the passphrase. But a lost or stolen secret key should be taken very seriously nonetheless and probably it's then best to revoke that key and create a new one.
We do agree that having an option to generally protect GPG Keychain with a password would be nice to have. That would then also cover key editing or exporting of keys.
We have a ticket for this problem. I connected this discussion with the existing ticket. That means, should this discussion get closed, it will be re-opened as soon as the ticket is closed. That way you'll receive a notification. Feel free to open a new discussion should you run into further problems or need assistance.
Does this answer your question?
All the best,
steve
2 Posted by Bill on 14 Aug, 2012 04:20 AM
Yes, thanks.
Steve closed this discussion on 14 Aug, 2012 09:02 AM.
Steve re-opened this discussion on 08 Jul, 2015 05:34 PM
Steve closed this discussion on 08 Jul, 2015 05:41 PM.