Secret key export difference in 1.4 and 2.1
Neal H. Walfield
neal at walfield.org
Wed Oct 26 11:42:41 CEST 2016
On Wed, 26 Oct 2016 11:34:04 +0200,
Justus Winter wrote:
> > On 10/26/2016 11:08 AM, Neal H. Walfield wrote:
> >> The secret key is not simply a dump of the private key material, but
> >> an OpenPGP message. This means that there are many ways to encode the
> >> same data. It wouldn't surprise me if we are using a slightly
> >> different encoding in 2.1 vs. 1.4. But, this is not a bug. What
> >> exactly is the test doing, and what is it testing for?
> >
> > Well, the test is for our exportPrivateKey() method which does just gpg
> > --export-secret-keys "fingerprint". We make sure the output is always
> > the same. It worked with 1.4. If it's not a proper way now, we'll have
> > to change it, but I'm not sure how to do this. How to find out that
> > exported data is really the data we want. Or can I just assume that if
> > there's no error and output data contains "BEGIN PGP PRIVATE KEY BLOCK"
> > we're fine? I don't think I'll decode the message, I'd prefer some
> > simple checks.
>
> You can use --list-packets to inspect the message. Take a look at
> tests/openpgp/export.scm for inspiration. Or you can try to import the
> key into a fresh gnupghome.
Using --list-packets is okay for debugging, but the interface is not
guaranteed to be stable. Instead, you are better off doing something
like:
gpg --status-fd 1 --import exported-key.asc | grep 'IMPORT_OK [0-9]* FINGERPRINT'
:) Neal
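The import-based check Neal suggests, written out as an added example (this is not code from the thread or from GnuPG): import the exported key into a throwaway GNUPGHOME and read GnuPG's machine-readable status lines instead of diffing the exported bytes, which, as noted above, may legitimately differ between 1.4 and 2.1. The function names, the placeholder fingerprint and the sample status text are my own constructions; the `IMPORT_OK <reason> <fingerprint>` line format and the reason bit 16 ("contains private key") are as documented in GnuPG's doc/DETAILS.

```shell
#!/bin/sh
# Added example, not from the thread: verify an exported OpenPGP secret key by
# importing it into a fresh GNUPGHOME and checking the --status-fd output for
# an IMPORT_OK line that names the expected fingerprint.

# Succeed only if an IMPORT_OK status line carries the expected fingerprint.
# $1 = status-fd text, $2 = expected fingerprint (40 hex digits).
import_ok_for_fingerprint() {
    printf '%s\n' "$1" \
        | grep -Eq "^\[GNUPG:\] IMPORT_OK [0-9]+ $2\$"
}

# Print the IMPORT_OK reason code for the expected fingerprint (a bit mask;
# bit 16 means the import contained secret key material), or nothing if the
# line is absent.
import_reason_for_fingerprint() {
    printf '%s\n' "$1" \
        | awk -v fpr="$2" '$1 == "[GNUPG:]" && $2 == "IMPORT_OK" && $4 == fpr { print $3; exit }'
}

# Does the reason code say secret key material was imported?
reason_has_secret_key() {
    [ -n "$1" ] && [ $(( $1 & 16 )) -eq 16 ]
}

# The real check against a key file. Assumes gpg (2.1) is installed; the
# tests below do not call it. Usage: verify_exported_secret_key key.asc FPR
verify_exported_secret_key() {
    keyfile=$1
    expected_fpr=$2
    tmphome=$(mktemp -d) || return 1
    chmod 700 "$tmphome"
    # --batch avoids any pinentry prompt; status lines go to stdout via fd 1
    status_text=$(GNUPGHOME="$tmphome" gpg --batch --status-fd 1 \
        --import "$keyfile" 2>/dev/null)
    rc=$?
    # 2.1 hands the secret key to a gpg-agent for that home; stop it before
    # removing the directory
    GNUPGHOME="$tmphome" gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$tmphome"
    [ "$rc" -eq 0 ] || return 1
    reason=$(import_reason_for_fingerprint "$status_text" "$expected_fpr")
    reason_has_secret_key "$reason"
}

# Constructed sample status output (placeholder fingerprint, reason 17 =
# new key (1) + contains private key (16)).
SAMPLE_FPR=0123456789ABCDEF0123456789ABCDEF01234567
SAMPLE_STATUS="[GNUPG:] IMPORT_OK 17 ${SAMPLE_FPR}"
```

Checking the reason bits rather than just the presence of the line also catches the case where a test accidentally exports only the public key: the import would still succeed, but bit 16 would be clear.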