GPGME export secret key

Werner Koch wk at gnupg.org
Fri Sep 5 09:48:42 CEST 2008


On Thu,  4 Sep 2008 17:25, mail at markuswestphal.de said:

> Has this been fixed since? Would it now be possible to add support  
> for exporting private keys?

That was a valid reason at that time but meanwhile gpgme has evolved.

Exporting secret keys is always a task which needs to be well planned
and thus an API to do this is just to simple.  One problem which needs
to be properly addressed is to export and import secret key in a secure
way.  This is for example requied for a FIPS-140 certification.  My
current idea is to implement properkey wrapping, which means that you
register a key wrapping key with gpgme/gnupg ang gnupg exports the key
then encrypted for that key.  This will be an additional layer on top of
a passprase protected private key part.  I'll talk about this at the
Linux Kongress.



Shalom-Salam,

   Werner


-- 
Linux-Kongress 2008 + Hamburg + October 7-10 + www.linux-kongress.org

   Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.




More information about the Gnupg-devel mailing list