[guardian-dev] Format of exported subkeys from gnupg

Hans-Christoph Steiner hans at guardianproject.info
Fri Aug 3 19:08:41 CEST 2012



On 08/03/2012 12:34 PM, Daniel Kahn Gillmor wrote:
> On 08/03/2012 12:19 PM, Abel Luck wrote:
>> 1. Implement all possible ciphers in my library, ask the user for their
>> key and decrypt
> 
> please don't re-implement the ciphers.  there are plenty of libraries
> that do that for you :)  If you're using C, libgcrypt and libnettle are
> both good options.
> 
>> 2. Only support plaintext exported keys, decryption is handled by GnuPG
>> during export.
> 
> this is simpler, true. :)
> 
>> Thus the question is: how can I --export-secret-subkeys with
>> unprotected/plaintext secret key values?
> 
> i think you want something like:
> 
>  --export-options export-reset-subkey-passwd,export-minimal

Since we are talking about just exporting subkeys, I think using the
plaintext export should be workable as long as gpg can export to stdout.
Then we can just receive the unencrypted private key via stdin and
it'll never touch the disk.

.hc


