Exporting secret keys with gpg 2.1
Patrick Brunschwig
patrick at enigmail.net
Thu Nov 12 17:51:22 CET 2015
On 12.11.15 17:11, Werner Koch wrote:
> On Sun, 8 Nov 2015 20:04, patrick at enigmail.net said:
>
>> or not. In other words, it's not possible for tools to know if a key was
>> really exported or not, unless you want to parse the packets in the
>
> Right, there is no --status-fd output at all. I have just pushed two
> changes:
>
> EXPORTED <fingerprint>
> The key with <fingerprint> has been exported. The fingerprint is
> the fingerprint of the primary key even if the primary key has
> been replaced by a stub key during secret key export.
>
> EXPORT_RES <args>
>
> Final statistics on export process (this is one long line). The
> args are a list of unsigned numbers separated by white space:
>
> - <count>
> - <secret_count>
> - <exported>
>
> I don't think that it makes sense to distinguish between secret and
> public for "EXPORTED". You always know what you requested.
>
>> Would it be possible to add something like:
>> [GNUPG:] SECRET_KEY_EXPORTED KEYID
>> [GNUPG:] EXPORT_SECRET_KEY_FAILED KEYID
>
> The gpg-agent is a different component and it can't be clear to gpg
> whether this failed due to a wrong passphrase, missing smartcard, or
> whatever. Thus I do not think that a failed secret key export is a good
> idea.
>
> If you want to export just one secret key you can simply watch out for
> the corresponding "EXPORTED" line.
Great, thanks!
-Patrick
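
Added example, not part of the original thread and not GnuPG or Enigmail code: one way a calling tool could confirm a single-key export from the EXPORTED and EXPORT_RES status lines described above. The sample status text and fingerprint are constructed, the function names are hypothetical, and treating a missing EXPORT_RES line as "not exported" is this example's own choice.

```python
from dataclasses import dataclass, field
from typing import List, Optional

PREFIX = "[GNUPG:] "  # prefix of status lines, as in the thread's examples

@dataclass
class ExportStatus:
    fingerprints: List[str] = field(default_factory=list)  # from EXPORTED lines
    count: Optional[int] = None          # EXPORT_RES <count>
    secret_count: Optional[int] = None   # EXPORT_RES <secret_count>
    exported: Optional[int] = None       # EXPORT_RES <exported>

def parse_export_status(text: str) -> ExportStatus:
    """Collect EXPORTED fingerprints and the EXPORT_RES counters."""
    status = ExportStatus()
    for line in text.splitlines():
        if not line.startswith(PREFIX):
            continue  # not a status line
        parts = line[len(PREFIX):].split()
        if not parts:
            continue
        keyword, args = parts[0], parts[1:]
        if keyword == "EXPORTED" and args:
            status.fingerprints.append(args[0].upper())
        elif keyword == "EXPORT_RES":
            nums = args[:3]  # ignore any fields beyond the three named above
            if len(nums) == 3 and all(a.isdigit() for a in nums):
                status.count, status.secret_count, status.exported = map(int, nums)
    return status

def key_was_exported(text: str, primary_fpr: str) -> bool:
    """True only if the primary-key fingerprint has an EXPORTED line and
    EXPORT_RES is present with a non-zero <exported> field."""
    status = parse_export_status(text)
    wanted = primary_fpr.replace(" ", "").upper()
    if status.exported is None:   # no final statistics: treat as not exported
        return False
    return status.exported > 0 and wanted in status.fingerprints

# Constructed sample status output (the fingerprint is made up).
FPR = "0123456789ABCDEF0123456789ABCDEF01234567"
SAMPLE_OK = f"[GNUPG:] EXPORTED {FPR}\n[GNUPG:] EXPORT_RES 1 1 1\n"
SAMPLE_NONE = "gpg: some diagnostic text\n[GNUPG:] EXPORT_RES 1 1 0\n"

if __name__ == "__main__":
    print(key_was_exported(SAMPLE_OK, FPR))
    print(key_was_exported(SAMPLE_NONE, FPR))
```

The fingerprint passed in must be that of the primary key, since that is what the EXPORTED line reports even when the primary key was replaced by a stub.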