Work remaining for a 2.1 release?

NIIBE Yutaka gniibe at fsij.org
Thu Feb 14 05:20:49 CET 2013


On 2013-02-13 at 17:48 -0800, Kyle Butt wrote:
> Can you give me a brief explanation of why the passphrase is needed
> for import?

I think that it's because of the difference between the encryption
mode of secring.gpg and the one under private-keys-v1.d/.

(I don't know the technical reason why it's different.)

According to RFC4880, a secret-key packet is encrypted in CFB mode.

According to gnupg/agent/keyformat.txt, the latter only supports
the protection mode of openpgp-s2k3-sha1-aes-cbc.

If the protection mode of the secret-key packet were supported by the new
secret key storage, it would be possible to move such secret keys as
opaque data from secring.gpg to private-keys-v1.d/.

Currently, we need to decrypt the secret-key packet and to encrypt it
again into the file under private-keys-v1.d/.  To decrypt/encrypt,
we use the passphrase.
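
The mismatch described in this message can be seen in the packet fields themselves. The following is an added example, not part of the original message or of GnuPG's code: it reads the protection fields of an RFC 4880 v4 secret-key packet and compares them with the mode name quoted from keyformat.txt. The sample packet body, the function names and the way the mode name is split into components are assumptions of this example.

```python
import struct

# Identifiers from RFC 4880 sections 9.1, 9.2, 9.4 and 3.7.1.
PUBKEY_MPIS = {1: 2, 2: 2, 3: 2, 16: 3, 17: 4}  # RSA n,e; Elgamal p,g,y; DSA p,q,g,y
CIPHERS = {2: ("3des", 8), 3: ("cast5", 8), 7: ("aes", 16), 8: ("aes", 16), 9: ("aes", 16)}
HASHES = {1: "md5", 2: "sha1", 8: "sha256", 10: "sha512"}
SALT_LEN = {0: 0, 1: 8, 3: 8}  # simple, salted, iterated+salted S2K

def parse_protection(body: bytes) -> dict:
    """Describe how the secret part of a v4 secret-key packet body is protected."""
    version, _created, algo = struct.unpack_from(">BIB", body, 0)
    if version != 4 or algo not in PUBKEY_MPIS:
        raise ValueError("only v4 RSA/Elgamal/DSA keys are handled")
    pos = 6
    for _ in range(PUBKEY_MPIS[algo]):  # skip the public-key MPIs
        (bits,) = struct.unpack_from(">H", body, pos)
        pos += 2 + (bits + 7) // 8
    usage = body[pos]
    if usage == 0:
        return {"encrypted": False}
    if usage not in (254, 255):
        raise ValueError("legacy usage octet is not handled")
    cipher, block = CIPHERS[body[pos + 1]]
    s2k_type, hash_id = body[pos + 2], body[pos + 3]
    pos += 4
    salt = body[pos:pos + SALT_LEN[s2k_type]]
    pos += len(salt)
    count = None
    if s2k_type == 3:  # coded iteration count, RFC 4880 section 3.7.1.3
        count = (16 + (body[pos] & 15)) << ((body[pos] >> 4) + 6)
        pos += 1
    # The chaining mode is not a packet field: RFC 4880 section 5.5.3 fixes it to CFB.
    return {"encrypted": True, "s2k": s2k_type, "hash": HASHES[hash_id],
            "cipher": cipher, "mode": "cfb", "salt": salt, "count": count,
            "integrity": "sha1" if usage == 254 else "checksum16",
            "iv": body[pos:pos + block]}

def movable_as_opaque(prot: dict, agent_mode: str = "openpgp-s2k3-sha1-aes-cbc") -> bool:
    # Assumption of this example: the mode name reads as s2k type, hash, cipher, chaining mode.
    wanted = tuple(agent_mode.split("-")[1:])
    return bool(prot["encrypted"]) and wanted == (
        "s2k%d" % prot["s2k"], prot["hash"], prot["cipher"], prot["mode"])

def sample_body() -> bytes:
    # Constructed sample, not a real key: toy RSA public part, then the protection fields.
    public = struct.pack(">BIB", 4, 1360815649, 1)
    public += struct.pack(">H", 16) + b"\xc3\x51" + struct.pack(">H", 17) + b"\x01\x00\x01"
    protection = bytes([254, 7, 3, 2]) + b"SALTSALT" + bytes([0x60]) + bytes(range(16))
    return public + protection + bytes(32)  # zero bytes stand in for the ciphertext
```

For the constructed packet, `movable_as_opaque(parse_protection(sample_body()))` is false even though the S2K type, hash and cipher all match: only the chaining mode differs, which is why the secret part has to be decrypted and encrypted again.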