Exporting secret keys with gpg 2.1

Werner Koch wk at gnupg.org
Thu Nov 12 17:11:53 CET 2015


On Sun,  8 Nov 2015 20:04, patrick at enigmail.net said:

> or not. In other words, it's not possible for tools to know if a key was
> really exported or not, unless you want to parse the packets in the

Right, there is no --status-fd output at all.  I have just pushed two
changes:

  EXPORTED  <fingerprint>
    The key with <fingerprint> has been exported.  The fingerprint is
    the fingerprint of the primary key even if the primary key has
    been replaced by a stub key during secret key export.

  EXPORT_RES <args>

    Final statistics on export process (this is one long line). The
    args are a list of unsigned numbers separated by white space:

    - <count>
    - <secret_count>
    - <exported>

I don't think that it makes sense to distinguish between secret and
public for "EXPORTED".  You always know what you requested.

> Would it be possible to add something like:
> [GNUPG:] SECRET_KEY_EXPORTED KEYID
> [GNUPG:] EXPORT_SECRET_KEY_FAILED KEYID

The gpg-agent is a different component and it can't be clear to gpg
whether this failed due to a wrong passphrase, missing smartcard, or
whatever.  Thus I do not think that a failed secret key export is a good
idea.

If you want to export just one secret key you can simply watch out for
the corresponding "EXPORTED" line.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
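
A tool-side check along the lines described in the message above, as an added example that is not part of the original post or of GnuPG's code: it parses --status-fd text for the EXPORTED and EXPORT_RES lines and confirms that one requested key was exported. The "[GNUPG:] " prefix is taken from the quoted lines in the message; the sample output and fingerprints are constructed, and treating a missing EXPORT_RES line or an exported count of 0 as "not exported" is an assumption of this example.

```python
PREFIX = "[GNUPG:] "
RES_FIELDS = ("count", "secret_count", "exported")  # order as listed in the post


def parse_export_status(status_text):
    """Return (set of exported primary-key fingerprints, EXPORT_RES dict or None)."""
    exported, stats = set(), None
    for line in status_text.splitlines():
        if not line.startswith(PREFIX):
            continue  # not a status line
        keyword, _, args = line[len(PREFIX):].strip().partition(" ")
        fields = args.split()
        if keyword == "EXPORTED" and fields:
            exported.add(fields[0].upper())
        elif keyword == "EXPORT_RES":
            # The post says the args are unsigned numbers; reject anything else.
            if len(fields) < len(RES_FIELDS) or not all(f.isdecimal() for f in fields):
                raise ValueError("malformed EXPORT_RES line: %r" % line)
            stats = dict(zip(RES_FIELDS, map(int, fields)))
    return exported, stats


def key_was_exported(status_text, primary_fingerprint):
    """True only if an EXPORTED line names the primary key and EXPORT_RES agrees."""
    # EXPORTED always carries the primary key's fingerprint, even when the
    # primary key was replaced by a stub, so compare against that one.
    wanted = primary_fingerprint.replace(" ", "").upper()
    exported, stats = parse_export_status(status_text)
    if stats is None:
        return False  # assumption: no final statistics line means an incomplete run
    return wanted in exported and stats["exported"] >= 1


# Constructed sample output; the fingerprint is a made-up placeholder.
SAMPLE_OK = (
    "[GNUPG:] EXPORTED 0123456789ABCDEF0123456789ABCDEF01234567\n"
    "[GNUPG:] EXPORT_RES 1 1 1\n"
)
SAMPLE_NOTHING = "[GNUPG:] EXPORT_RES 1 1 0\n"  # constructed: nothing exported

if __name__ == "__main__":
    fpr = "0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567"
    print(key_was_exported(SAMPLE_OK, fpr))
    print(key_was_exported(SAMPLE_NOTHING, fpr))
```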



