Exporting secret keys with gpg 2.1

Werner Koch wk at gnupg.org
Thu Nov 12 17:11:53 CET 2015

On Sun,  8 Nov 2015 20:04, patrick at enigmail.net said:

> or not. In other words, it's not possible for tools to know if a key was
> really exported or not, unless you want to parse the packets in the

Right, there is no --status-fd output at all.  I have just pushed two

  EXPORTED  <fingerprint>
    The key with <fingerprint> has been exported.  The fingerprint is
    the fingerprint of the primary key even if the primary key has
    been replaced by a stub key during secret key export.

  EXPORT_RES <args>

    Final statistics on export process (this is one long line). The
    args are a list of unsigned numbers separated by white space:

    - <count>
    - <secret_count>
    - <exported>

I don't think that it makes sense to distinguish between secret and
public for "EXPORTED".  You always know what you requested.

> Would it be possible to add something like:

The gpg-agent is a different component and it can't be clear to gpg
whether this failed due to a wrong passphrase, missing smartcard, or
whatever.  Thus I do not think that a failed secret key export is a good

If you want to export just one secret key you can simply watch out for
the corresponding "EXPORTED" line.



Thoughts are free.  Exceptions are regulated by a federal law.
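
A tool that captures gpg's status output could confirm an export from the two status lines described in the message above, as in this added example (not code from the original message or from GnuPG). It assumes the usual `[GNUPG:] ` prefix that gpg writes on the status fd; the sample output, the fingerprints and the function names are constructed for illustration.

```python
STATUS_PREFIX = "[GNUPG:] "

# Constructed sample of captured status output; the fingerprint is made up.
SAMPLE_STATUS = """\
gpg: constructed diagnostic line, not status output
[GNUPG:] EXPORTED 0123456789ABCDEF0123456789ABCDEF01234567
[GNUPG:] EXPORT_RES 1 1 1
"""


def parse_export_status(text):
    """Return (exported_fingerprints, stats) from captured status output.

    stats is None when no EXPORT_RES line was seen, otherwise a dict with
    the three counters named in the message: count, secret_count, exported.
    """
    exported, stats = [], None
    for line in text.splitlines():
        if not line.startswith(STATUS_PREFIX):
            continue  # ordinary diagnostics are not status lines
        keyword, _, args = line[len(STATUS_PREFIX):].partition(" ")
        fields = args.split()
        if keyword == "EXPORTED" and fields:
            exported.append(fields[0].upper())
        elif keyword == "EXPORT_RES":
            if len(fields) < 3:
                raise ValueError("EXPORT_RES with fewer than 3 numbers")
            # Design choice of this example: ignore any extra trailing fields.
            numbers = [int(n) for n in fields[:3]]
            stats = dict(zip(("count", "secret_count", "exported"), numbers))
    return exported, stats


def key_was_exported(text, fingerprint):
    """True only if an EXPORTED line names the requested primary key.

    A failed export (wrong passphrase, missing smartcard, ...) yields no
    EXPORTED line for that key, so the absence of the line is the signal.
    """
    wanted = fingerprint.replace(" ", "").upper()
    exported, _ = parse_export_status(text)
    return wanted in exported


if __name__ == "__main__":
    fpr = "0123 4567 89AB CDEF 0123 4567 89AB CDEF 0123 4567"
    print(key_was_exported(SAMPLE_STATUS, fpr), parse_export_status(SAMPLE_STATUS)[1])
```
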

More information about the Gnupg-devel mailing list