Secret key export difference in 1.4 and 2.1

Justus Winter justus at g10code.com
Wed Oct 26 11:34:04 CEST 2016


"A.L.E.C" <alec at alec.pl> writes:

> On 10/26/2016 11:08 AM, Neal H. Walfield wrote:
>> The secret key is not simply a dump of the private key material, but
>> an OpenPGP message.  This means that there are many ways to encode the
>> same data.  It wouldn't surprise me if we are using a slightly
>> different encoding in 2.1 vs. 1.4.  But, this is not a bug.  What
>> exactly is the test doing, and what is it testing for?
>
> Well, the test is for our exportPrivateKey() method which does just gpg
> --export-secret-keys "fingerprint". We make sure the output is always
> the same. It worked with 1.4. If it's not a proper way now, we'll have
> to change it, but I'm not sure how to do this. How to find out that
> exported data is really the data we want. Or can I just assume that if
> there's no error and output data contains "BEGIN PGP PRIVATE KEY BLOCK"
> we're fine? I don't think I'll decode the message, I'd prefer some
> simple checks.

You can use --list-packets to inspect the message.  Take a look at
tests/openpgp/export.scm for inspiration.  Or you can try to import the
key into a fresh gnupghome.


Justus
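
The point made in this thread, that one key can be serialized in more than one way and a test should look at packet structure rather than compare bytes, shown as an added example (not part of the original message and not GnuPG code). It walks RFC 4880 packet headers in a binary (de-armored) export; the helper names, the "Secret-Key packet first, User ID present" check, and the dummy packet bodies are assumptions constructed for illustration.

```python
# Added example: minimal OpenPGP packet-header walker (RFC 4880, section 4.2).
# All sample bytes below are constructed dummies, not real key material.
import struct

SECRET_KEY, USER_ID = 5, 13  # packet tags from RFC 4880, section 4.3

def packets(data: bytes):
    """Return [(tag, body)] for a binary (de-armored) OpenPGP stream."""
    out, i = [], 0
    while i < len(data):
        ctb = data[i]; i += 1
        if not ctb & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if ctb & 0x40:                       # new-format header
            tag, first = ctb & 0x3F, data[i]; i += 1
            if first < 192:                  # one-octet length
                length = first
            elif first < 224:                # two-octet length
                length = ((first - 192) << 8) + data[i] + 192; i += 1
            elif first == 255:               # five-octet length
                (length,) = struct.unpack(">I", data[i:i + 4]); i += 4
            else:
                raise ValueError("partial body lengths not handled here")
        else:                                # old-format header
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not handled here")
            size = (1, 2, 4)[ltype]
            length = int.from_bytes(data[i:i + size], "big"); i += size
        if i + length > len(data):
            raise ValueError("truncated packet")
        out.append((tag, data[i:i + length])); i += length
    return out

def is_secret_key_export(data: bytes) -> bool:
    """Structural check: starts with a Secret-Key packet and has a User ID."""
    tags = [tag for tag, _ in packets(data)]
    return bool(tags) and tags[0] == SECRET_KEY and USER_ID in tags

# Constructed sample: the same two packets under two header encodings.
KEY_BODY, UID_BODY = b"\x04" + b"\x00" * 20, b"Test <test@example.org>"
OLD_STYLE = (bytes([0x80 | SECRET_KEY << 2, len(KEY_BODY)]) + KEY_BODY
             + bytes([0x80 | USER_ID << 2, len(UID_BODY)]) + UID_BODY)
NEW_STYLE = (bytes([0xC0 | SECRET_KEY, len(KEY_BODY)]) + KEY_BODY
             + bytes([0xC0 | USER_ID, 255]) + struct.pack(">I", len(UID_BODY))
             + UID_BODY)
```

OLD_STYLE and NEW_STYLE differ byte for byte yet parse to the same packet list, which is why a byte-equality test can fail across versions while the exported key is unchanged.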