Exporting secret keys with gpg 2.1
Werner Koch
wk at gnupg.org
Thu Nov 12 17:11:53 CET 2015
On Sun, 8 Nov 2015 20:04, patrick at enigmail.net said:
> or not. In other words, it's not possible for tools to know if a key was
> really exported or not, unless you want to parse the packets in the
Right, there is no --status-fd output at all. I have just pushed two
changes:

  EXPORTED <fingerprint>
      The key with <fingerprint> has been exported. The fingerprint is
      the fingerprint of the primary key even if the primary key has
      been replaced by a stub key during secret key export.

  EXPORT_RES <args>
      Final statistics on export process (this is one long line). The
      args are a list of unsigned numbers separated by white space:
      - <count>
      - <secret_count>
      - <exported>

I don't think that it makes sense to distinguish between secret and
public for "EXPORTED". You always know what you requested.
> Would it be possible to add something like:
> [GNUPG:] SECRET_KEY_EXPORTED KEYID
> [GNUPG:] EXPORT_SECRET_KEY_FAILED KEYID
The gpg-agent is a different component and it can't be clear to gpg
whether this failed due to a wrong passphrase, missing smartcard, or
whatever. Thus I do not think that a failed secret key export is a good
idea.
If you want to export just one secret key you can simply watch out for
the corresponding "EXPORTED" line.
Shalom-Salam,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.
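
An added example, not part of the original message and not GnuPG code: a caller that confirms one secret key was exported by looking for the matching "EXPORTED" status line, as the message suggests. The function names, the sample fingerprint and the sample status text are constructed for illustration, and sending status lines to file descriptor 2 is an assumption of this sketch.

```python
import subprocess

PREFIX = "[GNUPG:] "  # prefix of every status line, as in the quoted proposal
FPR = "0123456789ABCDEF0123456789ABCDEF01234567"  # constructed fingerprint

# Constructed status output, not captured from a real gpg run.
SAMPLE_OK = f"gpg: constructed log line\n{PREFIX}EXPORTED {FPR}\n{PREFIX}EXPORT_RES 1 1 1\n"
SAMPLE_FAILED = f"gpg: constructed log line\n{PREFIX}EXPORT_RES 1 1 0\n"

def parse_export_status(status_text):
    """Return (set of exported fingerprints, EXPORT_RES stats or None)."""
    exported, stats = set(), None
    for line in status_text.splitlines():
        if not line.startswith(PREFIX):
            continue  # diagnostics sharing the stream are not status lines
        fields = line[len(PREFIX):].split()
        if not fields:
            continue
        keyword, args = fields[0], fields[1:]
        if keyword == "EXPORTED" and args:
            exported.add(args[0].upper())
        elif keyword == "EXPORT_RES" and len(args) >= 3:
            # Field order as listed in the message; later fields are ignored.
            names = ("count", "secret_count", "exported")
            stats = dict(zip(names, map(int, args[:3])))
    return exported, stats

def key_was_exported(status_text, fingerprint):
    """True only if an EXPORTED line names the requested primary key."""
    wanted = fingerprint.replace(" ", "").upper()
    return wanted in parse_export_status(status_text)[0]

def export_secret_key(fingerprint, out_path):
    """Run gpg with status lines on stderr; report whether the key was exported."""
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "2", "--output", out_path,
         "--export-secret-keys", fingerprint],
        capture_output=True, text=True)
    return proc.returncode == 0 and key_was_exported(proc.stderr, fingerprint)
```

Because "EXPORTED" always carries the primary key's fingerprint, the caller should pass the primary fingerprint even when only subkeys are expected in the output.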