The main purpose for us using the PGP technology is to protect sensitive files sent to us from being stolen in transfer and/or in storage.
However, if someone (say, a fired employee) exports the private key and knows the passphrase (because he/she was authorized to receive and decrypt files), he/she can decrypt the files at home easily.
Changing the passphrase doesn’t help, because the exported private key used the passphrase that was active at the moment of export, and will still decrypt new files - am I right?
Therefore, limiting the option for the user to export a private key would be a good idea. Can it be done?
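The mechanism the question describes, as an added illustration that is not part of the original post: the passphrase only encrypts a stored copy of the private key, so changing it re-wraps the local copy and leaves an earlier export untouched. The toy RSA key, the PBKDF2/XOR wrap and all names and values below are constructed stand-ins for the PGP key pair and its passphrase protection, not how any PGP product stores keys.

```python
import hashlib

# Toy RSA key pair (constructed, insecure size) standing in for the PGP key pair.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537      # two Mersenne primes, public exponent
N = P * Q                                   # public modulus
D = pow(E, -1, (P - 1) * (Q - 1))           # private exponent: the actual secret


def _stream(passphrase, n):
    # Passphrase-derived keystream (stand-in for the real key-protection scheme).
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(),
                               b"constructed-salt", 10_000, n)


def wrap(d, passphrase):
    """Protect private exponent d under a passphrase, with a short checksum."""
    raw = d.to_bytes(16, "big")
    raw += hashlib.sha256(raw).digest()[:4]
    return bytes(a ^ b for a, b in zip(raw, _stream(passphrase, len(raw))))


def unwrap(blob, passphrase):
    """Recover d; raise ValueError if the passphrase does not match the blob."""
    raw = bytes(a ^ b for a, b in zip(blob, _stream(passphrase, len(blob))))
    body, check = raw[:-4], raw[-4:]
    if hashlib.sha256(body).digest()[:4] != check:
        raise ValueError("wrong passphrase")
    return int.from_bytes(body, "big")


def scenario():
    keyring = wrap(D, "old-passphrase")     # key as stored on the workstation
    exported = keyring                      # copy taken at export time
    # Passphrase change: same secret, re-wrapped; the export is not affected.
    keyring = wrap(unwrap(keyring, "old-passphrase"), "new-passphrase")
    # A sender encrypts a new message to the unchanged public key (E, N).
    m = int.from_bytes(b"file-key-1", "big")
    c = pow(m, E, N)
    via_export = pow(c, unwrap(exported, "old-passphrase"), N)
    via_keyring = pow(c, unwrap(keyring, "new-passphrase"), N)
    try:
        unwrap(exported, "new-passphrase")
        export_accepts_new = True
    except ValueError:
        export_accepts_new = False
    return m, via_export, via_keyring, export_accepts_new


if __name__ == "__main__":
    print(scenario())
```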