Private key transfer format
gniibe at fsij.org
Fri Apr 10 07:01:58 CEST 2015
On 04/09/2015 11:00 PM, NIIBE Yutaka wrote:
> I thought it was a regression. In GnuPG 1.4 and 2.0, some people did
> --export-secret-keys for smartcard. Well, I naively tried to "fix"
> as a response to the bug report.
> Yes, I think that we can just drop the support of --export-secret-keys
> for smartcard, and fix documentations.
> Well, in my opinion, it is unlikely there are some smartcard users who
> expect serial number exact check by GnuPG with --export-secret-keys in
> a machine and --import on another machine.
Sorry, this attitude of mine is wrong somehow. It's my near sight, I
only considered about GnuPG. It's complicated.
Perhaps, this requires changing some existing practice(?, so to say).
I found a document with --export-secret-subkey for stub:
And, it is described in FAQ of OpenKeychain:
Although exporting the stub was not intended feature in GnuPG 1.4 and
2.0, people used that (beyond GnuPG).
We could/should convince OpenKeychain (or other OpenPGP application,
if any) about handling of secret key stub; there is no need to export
and import secret key stub, but stub can be generated by smartcard
Let me confirm the current position of GnuPG 2.1: For new machine, it
is a public key of OpenPGP we need to import (or fetch) and stub
could/should be generated with a smartcard (gpg --card-status does
Note that the background of the issue1937  is exporting the stub
from GnuPG and importing it to OpenKeychain (that is, into different
application of OpenPGP).
More information about the Gnupg-devel