[dev] PGP - view private key

Michael M Slusarz slusarz@bigworm.colorado.edu
Sun, 21 Apr 2002 17:12:35 -0600

Next message: [dev] PGP - view private key
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Quoting Harry Hoffman <hhoffman@ip-solutions.net>:

| Hi All,
|    Should I be able to view my private key block in IMP when I haven't
| entered 
| in my PGP password? I'm guessing no but I'm not quite sure. Any ideas??
| 

To me, at least, it shouldn't make a difference - that's why I implemented 
it that way.  You have already used your email login to verify your 
identity - I don't know how much more security entering another password is 
going to give you.

Just to note - I hesitated in providing this View Private Key information 
at first (it wasn't in my original patches for a reason).  However, on 
reflection, I realized that if you create a key via IMP, you need a way to 
export this information in case you want to use your key in another 
application.  I realize that the private key is the single most important 
item in encryption, but I made the decision that the potential for misuse 
(e.g. novice user accidentally cutting/pasting/and making the key publicly 
available) was outweighed by this need for an exporting mechanism.  Anyone 
agree/disagree?

michael

______________________________________________
Michael Slusarz [slusarz@bigworm.colorado.edu]
The University of Colorado at Boulder

Next message: [dev] PGP - view private key
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]