Hello,
I'm pretty new to file system encryption and had a quick question.
What is the downside to having a private key exportable? Is this more of a security risk?
In the situation of getting a new computer, I would assume keys would have to be exportable, otherwise how would you get the private key onto the new machine....?
Also what about this scenario - Say an attacker logged onto my computer somehow, and took a copy of some data that was encrypted with my PGP key, and also took a copy of the pubring.pkr and secring.skr files that Symantec Encryption Desktop creates in c:\users\username\Documents. The data is pretty secure as it uses the whole public/private key technology to encrypt the data, but none of this really matters as all the attacker would need to know is the passphrase for the keyring.
So in the scenario, is the data only as secure as the passphrase used to secure the keyring?
Thanks in advance for the responoses.
Cheers
Peter