Private key transfer format

NIIBE Yutaka gniibe at
Fri Apr 10 07:01:58 CEST 2015

On 04/09/2015 11:00 PM, NIIBE Yutaka wrote:
> I thought it was a regression.  In GnuPG 1.4 and 2.0, some people did
> --export-secret-keys for smartcard.  Well, I naively tried to "fix"
> as a response to the bug report.
> Yes, I think that we can just drop the support of --export-secret-keys
> for smartcard, and fix documentations.
> Well, in my opinion, it is unlikely there are some smartcard users who
> expect serial number exact check by GnuPG with --export-secret-keys in
> a machine and --import on another machine.

Sorry, this attitude of mine is wrong somehow.  It's my near sight, I
only considered about GnuPG.  It's complicated.

Perhaps, this requires changing some existing practice(?, so to say).
I found a document with --export-secret-subkey for stub:

And, it is described in FAQ of OpenKeychain:

Although exporting the stub was not intended feature in GnuPG 1.4 and
2.0, people used that (beyond GnuPG).

We could/should convince OpenKeychain (or other OpenPGP application,
if any) about handling of secret key stub; there is no need to export
and import secret key stub, but stub can be generated by smartcard

Let me confirm the current position of GnuPG 2.1: For new machine, it
is a public key of OpenPGP we need to import (or fetch) and stub
could/should be generated with a smartcard (gpg --card-status does

Note that the background of the issue1937 [0] is exporting the stub
from GnuPG and importing it to OpenKeychain (that is, into different
application of OpenPGP).


More information about the Gnupg-devel mailing list