[svn] GnuPG - r4427 - trunk/doc

svn author wk cvs at cvs.gnupg.org
Mon Feb 5 12:46:58 CET 2007


Author: wk
Date: 2007-02-05 12:46:58 +0100 (Mon, 05 Feb 2007)
New Revision: 4427

Modified:
   trunk/doc/ChangeLog
   trunk/doc/debugging.texi
Log:
Fix for aegypten issue 720


Modified: trunk/doc/ChangeLog
===================================================================
--- trunk/doc/ChangeLog	2007-02-04 17:23:00 UTC (rev 4426)
+++ trunk/doc/ChangeLog	2007-02-05 11:46:58 UTC (rev 4427)
@@ -1,3 +1,8 @@
+2007-02-05  Werner Koch  <wk at g10code.com>
+
+	* debugging.texi (Common Problems): Tell how to export a private
+	key without a certificate.
+
 2007-01-30  Werner Koch  <wk at g10code.com>
 
 	* com-certs.pem: Added the current root certifcates of D-Trust and

Modified: trunk/doc/debugging.texi
===================================================================
--- trunk/doc/debugging.texi	2007-02-04 17:23:00 UTC (rev 4426)
+++ trunk/doc/debugging.texi	2007-02-05 11:46:58 UTC (rev 4427)
@@ -125,6 +125,46 @@
 making use of ssh.
 
 
+ at item Exporting a secret key without a certificate
+
+I may happen that you have created a certificate request using
+ at command{gpgsm} but not yet received and imported the certificate from
+the CA.  However, you want to export the secret key to another machine
+right now to import the certificate over there then.  You can do this
+with a little trick but it requires that you know the approximate time
+you created the signing request.  By running the command
+
+ at smallexample
+  ls -ltr ~/.gnupg/private-keys-v1.d
+ at end smallexample
+
+you get a listing of all private keys under control of @command{gpg-agent}.
+Pick the key which best matches the creation time and run the command
+ 
+ at smallexample
+  /usr/local/libexec/gpg-protect-tool --p12-export ~/.gnupg/private-keys-v1.d/@var{foo} >@var{foo}.p12
+ at end smallexample
+
+(Please adjust the path to @command{gpg-protect-tool} to the approriate
+location). @var{foo} is the name of the key file you picked (it should
+have the suffix @file{.key}).  A Pinentry box will pop up and ask you
+for the current passphrase of the key and a new passphrase to protect it
+in the pkcs#12 file.
+
+To import the created file on the machine you use this command:  
+
+ at smallexample
+  /usr/local/libexec/gpg-protect-tool --p12-import --store  @var{foo}.p12
+ at end smallexample
+
+You will be asked for the pkcs#12 passphrase and a new passphrase to
+protect the imported private key at its new location.
+
+Note that there is no easy way to match existing certificates with
+stored private keys because some private keys are used for Secure Shell
+or other purposes and don't have a corresponding certificate.
+
+
 @end itemize
 
 
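Review bot: the export example ending in `>@var{foo}.p12` writes the secret key into a new file in the current directory with whatever permissions the caller's umask allows, and the text never says so. The PKCS#12 passphrase still protects the contents, but the item should tell the reader to set a restrictive umask (for example `umask 077`) before running the command and to delete the .p12 file on both machines once the import has succeeded. Two further points in the same hunk: `ls -ltr` orders by modification time, so "best matches the creation time" only holds if the key file has not been rewritten since the request was made, and the text should say that. Wording: "I may happen" should read "It may happen", "approriate" should read "appropriate", and "on the machine" in the import paragraph should read "on the other machine". The added blank line after "run the command" and the line ending "you use this command:" carry trailing whitespace.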



