--export-options export-reset-subkey-passwd in gpg 2.1.x
Werner Koch
wk at gnupg.org
Thu Oct 9 08:13:26 CEST 2014
On Thu, 9 Oct 2014 01:31, dkg at fifthhorseman.net said:
> It's not clear to me what the "specialized secret key export tool" is --
> does this tool exist or is it hypothetical at the moment?
Hypothetical. I guess I was only too lazy to implement that given that
I only had the use case in mind for which I created it.
The real problem is that we can't export with a passphrase right now.
gpg-agent would need to be extended to export the key without a
passphrase.
> -c (require confirmation -- gpg-agent accepts but does not honor this flag)
This used to work but I have not tested it recently:
    prompt = xtryasprintf (_("An ssh process requested the use of key%%0A"
                             "  %s%%0A"
                             "  (%s)%%0A"
                             "Do you want to allow this?"),
> -d (delete key -- gpg-agent accepts but does not honor this flag)
> -D (delete all keys -- gpg-agent rejects this flag with an error)
Indeed the semantics are different: gpg-agent stores the key permanently
and thus all keys are always available. The passphrase caching comes
on top of it.
> -t N (limit key lifetime to N seconds -- gpg-agent accepts but does not honor this flag)
That could be translated into: store a default caching time for ssh use
with that key. For example by putting that into ~/.gnupg/sshcontrol
> -x (lock agent with password -- gpg-agent accepts but does not honor this flag)
Doesn't match the way gpg-agent works.
Salam-Shalom,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.