How to export ASCII armored secret key without passphrase?

Peter Lebbing peter at digitalbrains.com
Wed Jan 20 18:13:47 CET 2016


On 20/01/16 17:48, Felix E. Klee wrote:
> Is there any workaround?

Install GnuPG 1.4 alongside your 2.1.10 (they co-exist perfectly, but they store
keys separately).

It then should be something like this:

$ gpg2 --export-secret-keys | gpg --import

Give some temporary passphrase, passes key from 2.1.10 to 1.4.

$ gpg --edit-key <KEYID>
[...]
gpg> passwd

Enter temporary passphrase to unlock, then give new, empty passphrase, confirm
empty passphrase.

gpg> save

Now 1.4 has a passphraseless copy of the key.

$ gpg --armour -o key.asc --export-secret-keys

Now key.asc should hold a passphraseless copy of your keys. Remember that it is
also still passphraseless in the key storage of 1.4, in case that matters.

An alternative if you only want passphraseless subkeys would be:

$ gpg2 --export-secret-subkeys | gpg --import
$ gpg --armour -o key.asc --export-options export-reset-subkey-password \
      --export-secret-subkeys

This merely holds a stub for the primary key: there is no secret material for
the primary key.

> Command that failed without passphrase (the key doesn't have one):
> 
>     $ gpg --armor --export-secret-keys >key.txt

Is your GnuPG 2.1.10 binary invoked as "gpg", not as "gpg2"? Which OS is this
and where did you get GnuPG 2.1.10? This might be an issue if you want to
install GnuPG 1.4 alongside. I believe in Debian, the plan is to name the 2.1
binary gpg and the 1.4 binary gpg1, but that hasn't been done yet AFAIK.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
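
The outcome of the exports described in the message above (passphraseless secret keys, or a stub primary key with passphraseless subkeys) can be confirmed by reading the S2K usage octet of each secret-key packet in key.asc. This is an added example, not part of the original message and not GnuPG code: the function names and the sample are constructed, parsing is narrowed to v4 RSA keys, and treating S2K specifier 101 as GnuPG's stub marker is an assumption.

```python
import base64

KINDS = {5: "primary", 7: "subkey"}   # secret-key / secret-subkey packet tags

def packets(data):
    """Yield (tag, body) for old- and new-format packet headers (RFC 4880, 4.2)."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if hdr & 0x40:                        # new format, 1- or 2-octet length
            tag, first, i = hdr & 0x3F, data[i], i + 1
            if first >= 224:
                raise ValueError("5-octet and partial lengths not handled")
            n = first
            if first >= 192:
                n, i = ((first - 192) << 8) + data[i] + 192, i + 1
        else:                                 # old format, 1/2/4-octet length
            tag, size = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
            if size == 8:
                raise ValueError("indeterminate length not handled")
            n, i = int.from_bytes(data[i:i + size], "big"), i + size
        yield tag, data[i:i + n]
        i += n

def protection(body):
    """Classify a v4 RSA secret-key packet body by its S2K usage octet."""
    if body[0] != 4 or body[5] not in (1, 2, 3):
        return "unsupported"                  # example is narrowed to v4 RSA
    i = 6
    for _ in range(2):                        # skip the public MPIs n and e
        i += 2 + (int.from_bytes(body[i:i + 2], "big") + 7) // 8
    if body[i] == 0:
        return "unprotected"                  # secret MPIs stored in the clear
    # Assumption: S2K specifier 101 is GnuPG's extension marking a key stub.
    return "stub" if body[i] in (254, 255) and body[i + 2] == 101 else "protected"

def audit(armored):
    """Return [(kind, state)] for each secret (sub)key packet in an armored export."""
    lines = [l.strip() for l in armored.strip().splitlines()]
    b64 = "".join(l for l in lines[lines.index("") + 1:-1] if not l.startswith("="))
    return [(KINDS[t], protection(b)) for t, b in packets(base64.b64decode(b64)) if t in KINDS]

def sample_packet(tag, s2k):   # constructed packet with toy 8-bit "RSA" numbers, no real key
    body = bytes([4, 0, 0, 0, 0, 1]) + b"\x00\x08\xc5\x00\x02\x03" + s2k
    return bytes([0xC0 | tag, len(body)]) + body

# Constructed sample: stub primary key plus a passphraseless subkey; CRC is a placeholder.
RAW = sample_packet(5, b"\xff\x00\x65\x00GNU\x01") + sample_packet(7, b"\x00" + bytes(6))
SAMPLE = ("-----BEGIN PGP PRIVATE KEY BLOCK-----\n\n" + base64.b64encode(RAW).decode()
          + "\n=AAAA\n-----END PGP PRIVATE KEY BLOCK-----\n")
```

On a real export, pass the file contents to `audit()`; the CRC-24 line is skipped rather than verified.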


