How to export ASCII armored secret key without passphrase?
peter at digitalbrains.com
Wed Jan 20 18:13:47 CET 2016
On 20/01/16 17:48, Felix E. Klee wrote:
> Is there any workaround?
Install GnuPG 1.4 alongside your 2.1.10 (they co-exist perfectly, but they store
It then should be something like this:
$ gpg2 --export-secret-keys | gpg --import
Give some temporary passphrase, passes key from 2.1.10 to 1.4.
$ gpg --edit-key <KEYID>
Enter temporary passphrase to unlock, then give new, empty passphrase, confirm
Now 1.4 has a passphraseless copy of the key
$ gpg --armour -o key.asc --export-secret-keys
Now key.asc should hold a passphraseless copy of your keys. Remember that it is
also still passphraseless in the key storage of 1.4, in case that matters.
An alternative if you only want passphraseless subkeys would be:
$ gpg2 --export-secret-subkeys | gpg --import
$ gpg --armour -o key.asc --export-options export-reset-subkey-password
This merely holds a stub for the primary key: there is no secret material for
the primary key.
> Command that failed without passphrase (the key doesn't have one):
> $ gpg --armor --export-secret-keys >key.txt
Is your GnuPG 2.1.10 binary invoked as "gpg", not as "gpg2"? Which OS is this
and where did you get GnuPG 2.1.10? This might be an issue if you want to
install GnuPG 1.4 alongside. I believe in Debian, the plan is to name the 2.1
binary gpg and the 1.4 binary gpg1, but that hasn't been done yet AFAIK.
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
More information about the Gnupg-users