Protect my keys, no password request .....

Hello !

I am using Outlook 2010 with pgp4win.
This is working in principle, but there is no possibility to protect my keys.
I’ve heard about “protect your keyring” - but this seems to be on Linux.

Any help would be great.

Best regards,


Your private certificate should have a passphrase attached to it.
If it does not, change the passphrase to one.

Hi !

No, they have a passphrase.
Additionally, I can see the keys if I start Kleopatra, anyway, if I can open a cert. What I am expecting is that Kleopatra asks for a passphrase before it opens the store.

Thanks anyway and
best regards,


The public certificates are just that: public, so they can be seen and used without protection. (Of course, ACLs on the filesystem of the system and access control to the system itself are a protection on a different layer.)

Once you try to use a private certificate, you’ll have to unprotect it.

Hmm, I created my certs according to the docs.
But what I see in Kleopatra is not understandable to me.
I cannot see if this is something about the private or the public key. But if I try to export, no passphrase is required, but if I select export secret keys [I think this is the private key], a passphrase is required. - This moment, I think, I understand it :wink:

In the gnupg directory in the filesystem, there is “secring.gpg”
and “trustdb.gpg”. Deeper, there is a folder named “private-keys-v1.d”, which is empty.

Maybe I don't understand the concept :frowning:
If someone has my public key, this is a track to me. So, I’ll never give my public key around. If there are a lot of unencrypted mails, but some public keys on a person's computer - occupied by police, for example - what they do first is track all these people whom the (mentioned) person has public keys for. Then I must give them the keys, I am identified and the content revealed. The only thing which helps much better is to use Tor together with mail encryption: minimum track at all - only access to your ISP’s disk may give out some mails, not the communication track and not the content.

So, I think encryption removes some tracks, but gives new types of tracks.

If the public keys are not stored/protected by a passphrase,
I’ll not use or recommend such a system, like Kleopatra
in this case. At least - I am on Windows - not on Windows.
Linux may have better solutions.

What generally has to be learned, is about the tracks
itself. Understanding is the best protection.

What I am looking for is to have a secure store for the keys. For example, for using the tor-browser, I am using a TrueCrypt hidden volume. The browser itself is inside the hidden container, together with the browser history [browsing without history is - most of the time - not worth a penny]. With my solution, you can have both.

My primary intent in asking here is to protect the store. If I see the number of files in the filesystem, I see I need something like a single, secure container for this.

What I am additionally regarding is, to put a whole
Windows VM in a TrueCrypt hidden volume. Currently,
I cannot live without Windows :frowning:

Thanks anyway for your help.

Best regards,


Hi, the basic concept of asymmetric encryption is nicely explained in the Gpg4win Compendium.

Note btw that TrueCrypt is not Free Software (Open Source), alternatives include DiskCryptor.

In the current version of GnuPG:
secring.gpg is about the private OpenPGP certs.
private-keys-v1.d is about the private X509 certs.

As for protection of the public certificates you have:
It would be easy to include many more public certificates in your database so single entries would not be that significant anymore. I think that tracking will usually be done on the easier level, like the communication partners on email or other transportation ways. So in any way, you need to protect your operating system, which is rightfully out of scope for Gpg4win itself.