Why gpg 2.1.9 cannot export secret key without passphrase?
Peter Lebbing
peter at digitalbrains.com
Fri Nov 27 12:28:07 CET 2015
On 27/11/15 10:39, Dmitrii Tcvetkov wrote:
> Private key exports in cleartext.
Are you sure? I can't export an unprotected private key. The topic has come up
earlier on this mailing list, in [1].
If I have a passphrase on a private key, and I export it, it prompts me for the
passphrase and the exported key is protected by the passphrase.
If I don't have a passphrase set for a key and I export it, it prompts me as
follows:
> This key (or subkey) is not protected with a passphrase. Please enter a new
> passphrase to export it.
If I don't enter a passphrase, it prompts me again warning me this is a bad
idea, I stubbornly choose "Yes, protection is not needed". Then the terminal
prompts:
> gpg: key DCDFDFA4: error receiving key from agent: No passphrase given - skipped
And it fails.
I think it makes sense to be able to store a private key without a passphrase in
a safe place (as in: an actual safe), so you don't run the risk that you forgot
the passphrase. Currently, this is not possible, but of course you can use the
passphrase "passphrase", make a note that that is your passphrase and store the
note in the same safe.
HTH,
Peter.
[1] https://lists.gnupg.org/pipermail/gnupg-devel/2014-October/028919.html
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
More information about the Gnupg-users
mailing list