Work remaining for a 2.1 release?
Kyle Butt
kylebutt at gmail.com
Thu Feb 14 06:52:37 CET 2013
On Wed, Feb 13, 2013 at 8:20 PM, NIIBE Yutaka <gniibe at fsij.org> wrote:
> On 2013-02-13 at 17:48 -0800, Kyle Butt wrote:
>> Can you give me a brief explanation of why the passphrase is needed
>> for import?
>
> I think that it's because of the difference between the encryption
> mode of secring.gpg and the one under private-keys-v1.d/.
>
> (I don't know the technical reason why it's different.)
>
> According to RFC4880, the secret-key packet is encrypted in CFB mode.
>
> According to gnupg/agent/keyformat.txt, the latter only supports
> the protection mode of openpgp-s2k3-sha1-aes-cbc.
>
> If the protection mode of the secret-key packet were supported by the
> new secret key storage, it would be possible to move such secret keys
> as opaque data from secring.gpg to private-keys-v1.d/.
>

Is there an objection to porting the common algorithms for the agent's storage?

> Currently, we need to decrypt the secret-key packet and encrypt it
> again into the file under private-keys-v1.d/. To decrypt/encrypt,
> we use the passphrase.
> --
>
>
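
The decrypt and re-encrypt step discussed in this message depends on a symmetric key derived from the passphrase. As an added example (not code from GnuPG or from either poster), the Python below implements RFC 4880's iterated and salted S2K with SHA-1, which is what the "s2k3-sha1" part of the protection-mode name refers to. The function names, salt, coded count, passphrases and the 16-byte (AES-128) key length are assumptions constructed for illustration.

```python
import hashlib

def decode_count(c: int) -> int:
    """RFC 4880 section 3.7.1.3: expand the one-octet coded count to a byte count."""
    return (16 + (c & 15)) << ((c >> 4) + 6)

def s2k_iterated_salted(passphrase: bytes, salt: bytes, coded_count: int,
                        key_len: int, hash_name: str = "sha1") -> bytes:
    """Iterated and salted S2K (type 3): derive key_len bytes from a passphrase."""
    if len(salt) != 8:
        raise ValueError("S2K salt is 8 octets")
    block = salt + passphrase
    # The whole salt+passphrase is always hashed at least once.
    total = max(decode_count(coded_count), len(block))
    key = b""
    preload = 0
    while len(key) < key_len:
        h = hashlib.new(hash_name)
        h.update(b"\x00" * preload)   # extra contexts are preloaded with zero octets
        full, rest = divmod(total, len(block))
        for _ in range(full):
            h.update(block)
        h.update(block[:rest])
        key += h.digest()
        preload += 1
    return key[:key_len]

def demo():
    # Constructed sample values, not taken from any real key.
    passphrase = b"correct horse"
    salt = bytes.fromhex("0102030405060708")
    right = s2k_iterated_salted(passphrase, salt, 96, 16)
    wrong = s2k_iterated_salted(b"wrong guess", salt, 96, 16)
    return right, wrong

if __name__ == "__main__":
    right, wrong = demo()
    print("AES-128 key from passphrase:", right.hex())
    print("key from wrong passphrase:  ", wrong.hex())
```

Without the derived key, the CFB-protected bytes from secring.gpg cannot be rewritten as the CBC-protected form, which is why the import has to ask for the passphrase.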