I am new to GnuPG, so this might be a silly question. Yet:
I want to encrypt my emails, so I am using gpg4win. Alongside it I use Kleopatra, a tool for creating my own certificates and managing the public keys of my friends. I went through the manual, the Gpg4win Compendium, and also read some other manuals and FAQs.
It is always mentioned that it is important to export your own certificate/private key and ideally save it on some external medium (USB stick, DVD) and keep your secret key, well, secret. Anyhow, the certificate is still in the Kleopatra tool and can be exported again and again (as well as imported). So isn't the security of my certificate just defined by the security of the access to my PC? I mean, as a hacker I would rather try to get access to someone's computer than break into a flat and search for that USB stick under the pillow. I suggest that the PC here is the weakest point. If the PC is not the weakest point, there is no need to export and hide the certificate.
Also, I am using Thunderbird and Enigmail. Here I am asked for my passphrase when decrypting mails sent to me. Similar point as above. Isn't the secret key totally useless as long as one does not know the passphrase? So, what is the point of exporting and physically hiding my certificate, when I have to enter the passphrase in order to make use of my certificate anyway?