Why gpg 2.1.9 cannot export secret key without passphrase?

Peter Lebbing peter at digitalbrains.com
Fri Nov 27 12:28:07 CET 2015

On 27/11/15 10:39, Dmitrii Tcvetkov wrote:
> Private key exports in cleartext.

Are you sure? I can't export an unprotected private key. The topic has come up
earlier on this mailing list, in [1].

If I have a passphrase on a private key, and I export it, it prompts me for the
passphrase and the exported key is protected by the passphrase.

If I don't have a passphrase set for a key and I export it, it prompts me as

> This key (or subkey) is not protected with a passphrase. Please enter a new 
> passphrase to export it.

If I don't enter a passphrase, it prompts me again warning me this is a bad
idea, I stubbornly choose "Yes, protection is not needed". Then the terminal

> gpg: key DCDFDFA4: error receiving key from agent: No passphrase given - skipped

And it fails.

I think it makes sense to be able to store a private key without a passphrase in
a safe place (as in: an actual safe), so you don't run the risk that you forgot
the passphrase. Currently, this is not possible, but of course you can use the
passphrase "passphrase", make a note that that is your passphrase and store the
note in the same safe.



[1] https://lists.gnupg.org/pipermail/gnupg-devel/2014-October/028919.html

I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

More information about the Gnupg-users mailing list