Work remaining for a 2.1 release?

Kyle Butt kylebutt at
Thu Feb 14 06:52:37 CET 2013

On Wed, Feb 13, 2013 at 8:20 PM, NIIBE Yutaka <gniibe at> wrote:
> On 2013-02-13 at 17:48 -0800, Kyle Butt wrote:
>> Can you give me a brief explanation of why the passphrase is needed
>> for import?
> I think that it's because of the difference between the encryption
> mode of secring.gpg and the one under private-keys-v1.d/.
> (I don't know the technical reason why it's different.)
> According to RFC4880, secret-key packet is encrypted by CFB mode.
> According to gnupg/agent/keyformat.txt, the latter only supports
> the protection mode of openpgp-s2k3-sha1-aes-cbc.
> If the protection mode of secret-key packet were supported by new
> secret key storage, it would be possible to move such secret keys as
> opaque data from secring.gpg to private-keys-v1.d/.

Is there an objection to porting the common algorithms for the agent's storage?

> Currently, we need to decrypt the secret-key packet and to encrypt
> again into the file under private-keys-v1.d/.  To decrypt/encrypt,
> we use passphrase.
> --

More information about the Gnupg-devel mailing list