Even if we assume the device to be secure by definition, the exported identity could be sent from device 1 to device 2 via insecure channel. If the user does not use a secure channel, the private key is disclosed. Hence the private key should be encrypted with a key derived from a password during the export and decrypted during the import (as it is usually done with private keys).
Even if we assume the device to be secure by definition, the exported identity could be sent from device 1 to device 2 via insecure channel. If the user does not use a secure channel, the private key is disclosed. Hence the private key should be encrypted with a key derived from a password during the export and decrypted during the import (as it is usually done with private keys).