Exporting secret keys with gpg 2.1

Patrick Brunschwig patrick at enigmail.net
Thu Nov 12 17:51:22 CET 2015


On 12.11.15 17:11, Werner Koch wrote:
> On Sun,  8 Nov 2015 20:04, patrick at enigmail.net said:
> 
>> or not. In other words, it's not possible for tools to know if a key was
>> really exported or not, unless you want to parse the packets in the
> 
> Right, there is no --status-fd output at all.  I have just pushed two
> changes:
> 
>   EXPORTED  <fingerprint>
>     The key with <fingerprint> has been exported.  The fingerprint is
>     the fingerprint of the primary key even if the primary key has
>     been replaced by a stub key during secret key export.
> 
>   EXPORT_RES <args>
> 
>     Final statistics on export process (this is one long line). The
>     args are a list of unsigned numbers separated by white space:
> 
>     - <count>
>     - <secret_count>
>     - <exported>
> 
> I don't think that it makes sense to distinguish between secret and
> public for "EXPORTED".  You always know what you requested.
> 
>> Would it be possible to add something like:
>> [GNUPG:] SECRET_KEY_EXPORTED KEYID
>> [GNUPG:] EXPORT_SECRET_KEY_FAILED KEYID
> 
> The gpg-agent is a different component and it can't be clear to gpg
> whether this failed due to a wrong passphrase, missing smartcard, or
> whatever.  Thus I do not think that a failed secret key export is a good
> idea.
> 
> If you want to export just one secret key you can simply watch out for
> the corresponding "EXPORTED" line.

Great, thanks!

-Patrick
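
The following is an added example, not code from this thread or from GnuPG: a Python parser for the two status lines described above, which confirms a secret key export by looking for the EXPORTED line of the requested fingerprint. The function names, the hex fingerprint pattern and the sample status output are assumptions constructed for illustration.

```python
import re
from typing import NamedTuple, Optional, Tuple

PREFIX = "[GNUPG:] "                      # status line prefix, as quoted in the thread
FPR_RE = re.compile(r"[0-9A-F]{32,64}")   # assumption: fingerprint printed as plain hex
NUM_RE = re.compile(r"[0-9]+")            # EXPORT_RES args are unsigned numbers

class ExportStatus(NamedTuple):
    exported: frozenset                      # fingerprints from EXPORTED lines
    result: Optional[Tuple[int, int, int]]   # (count, secret_count, exported)

def parse_export_status(text: str) -> ExportStatus:
    """Collect EXPORTED fingerprints and the EXPORT_RES numbers from status output."""
    fprs, result = set(), None
    for line in text.splitlines():
        if not line.startswith(PREFIX):
            continue                         # not a status line (key data, diagnostics)
        fields = line[len(PREFIX):].split()
        if not fields:
            continue
        keyword, args = fields[0], fields[1:]
        if keyword == "EXPORTED" and args and FPR_RE.fullmatch(args[0].upper()):
            fprs.add(args[0].upper())
        elif keyword == "EXPORT_RES" and len(args) >= 3 \
                and all(NUM_RE.fullmatch(a) for a in args[:3]):
            result = tuple(int(a) for a in args[:3])
    return ExportStatus(frozenset(fprs), result)

def key_was_exported(text: str, wanted_fpr: str) -> bool:
    """True only if an EXPORTED line names the requested primary-key fingerprint.

    There is no failure status for secret key export, so a missing EXPORTED
    line is the only signal that the export did not happen.
    """
    wanted = wanted_fpr.replace(" ", "").upper()
    return wanted in parse_export_status(text).exported

# Constructed sample data: placeholder fingerprint and made-up status output.
FPR = "0123456789ABCDEF0123456789ABCDEF01234567"
SAMPLE_OK = f"[GNUPG:] EXPORTED {FPR}\n[GNUPG:] EXPORT_RES 1 1 1\n"
SAMPLE_FAIL = "gpg: some diagnostic\n[GNUPG:] EXPORT_RES 1 1 0\n"

if __name__ == "__main__":
    print(key_was_exported(SAMPLE_OK, FPR.lower()))    # status output from a good export
    print(key_was_exported(SAMPLE_FAIL, FPR))          # no EXPORTED line present
```

Callers should treat a False result as "not confirmed" rather than as a specific error, since the status output does not say why the agent refused.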



