Secret key export difference in 1.4 and 2.1

Justus Winter justus at
Wed Oct 26 11:34:04 CEST 2016

"A.L.E.C" <alec at> writes:

> On 10/26/2016 11:08 AM, Neal H. Walfield wrote:
>> The secret key is not simply a dump of the private key material, but
>> an OpenPGP message.  This means that there are many ways to encode the
>> same data.  It wouldn't surprise me if we are using a slightly
>> different encoding in 2.1 vs. 1.4.  But, this is not a bug.  What
>> exactly is the test doing, and what is it testing for?
> Well, the test is for our exportPrivateKey() method which does just gpg
> --export-secret-keys "fingerprint". We makes sure the output is always
> the same. It worked with 1.4. If it's not a proper way now, we'll have
> to change it, but I'm not sure how to do this. How to find out that
> exported data is really the data we want. Or can I just assume that if
> there's no error and output data contains "BEGIN PGP PRIVATE KEY BLOCK"
> we're fine? I don't think I'll decode the message, I'd prefer some
> simple checks.

You can use --list-packets to inspect the message.  Take a look at
tests/openpgp/export.scm for inspiration.  Or you can try to import the
key into a fresh gnupghome.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 454 bytes
Desc: not available
URL: </pipermail/attachments/20161026/ef8a1d4c/attachment.sig>

More information about the Gnupg-devel mailing list