Go gpg, guess, what I want
Daniel.Ranft at giepa.de
Tue May 17 14:58:41 CEST 2016
Today I want to discuss a situation where gpg seems to guess what I want to do (which is IMHO not a good idea).
If I export a keypair (gpg -a -o C:\some\where.asc --export-secret-keys abcd1234), the pinentry will pop up for each primary-/subkey to prompt for the passphrase. So far, so good. When I cancel the first prompt, gpg still tries to export the other subkeys to generate a somehow useful output. That is what I think is guessing.
Result when I only cancel the first prompt, but not the second:
I get a file which contains only the secret subkey and its binding sig:
# off=0 ctb=9d tag=7 hlen=3 plen=966
:secret sub key packet:
    version 4, algo 1, created 1283427770, expires 0
    pkey: [2048 bits]
    pkey: [17 bits]
    iter+salt S2K, algo: 7, SHA1 protection, hash: 2, salt: =LONGKEY=
    protect count: 4980736 (195)
    protect IV: 2f 89 b9 0a 22 c5 6d 50 4d 8b a2 53 1f 53 50 bf
    skey: [v4 protected]
# off=969 ctb=89 tag=2 hlen=3 plen=293
:signature packet: algo 1, keyid =LONGKEY=
    version 4, created 1427802947, md5len 0, sigclass 0x18
    digest algo 2, begin of digest 13 ab
    hashed subpkt 27 len 1 (key flags: 0C)
    hashed subpkt 2 len 4 (sig created 2015-03-31)
    hashed subpkt 9 len 4 (key expires after 6y211d0h12m)
    subpkt 16 len 8 (issuer key ID =LONGKEY=)
    data: [2044 bits]
FWIW: When I cancel the first prompt, gpg should stop the export of the complete key. If there are several keys to export, gpg should still process the other keys.
If I had wanted to export the subkey only, I would have used the exclamation mark syntax.
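
Added example (not part of the original post and not GnuPG code): a small Python check that walks the OpenPGP packet headers of an exported file and reports secret subkey packets (tag 7) that appear with no secret primary key packet (tag 5) before them, which is the shape of the partial export shown in the dump above. It assumes binary (dearmored) input; the function names and the sample bytes are constructed for illustration.

```python
SECRET_KEY, SECRET_SUBKEY = 5, 7  # OpenPGP packet tags (RFC 4880)

def parse_packets(data):
    """Return [(off, ctb, tag, hlen, plen)] for binary (dearmored) OpenPGP data."""
    out, off = [], 0
    while off < len(data):
        ctb = data[off]
        if not ctb & 0x80:
            raise ValueError(f"offset {off}: not a packet header")
        if ctb & 0x40:                      # new-format header
            tag, first = ctb & 0x3F, data[off + 1]
            if first < 192:
                hlen, plen = 2, first
            elif first < 224:
                hlen, plen = 3, ((first - 192) << 8) + data[off + 2] + 192
            elif first == 255:
                hlen, plen = 6, int.from_bytes(data[off + 2:off + 6], "big")
            else:
                raise ValueError("partial body lengths are not handled here")
        else:                               # old-format header
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length is not handled here")
            n = 1 << ltype                  # 1, 2 or 4 length octets
            hlen, plen = 1 + n, int.from_bytes(data[off + 1:off + 1 + n], "big")
        if off + hlen + plen > len(data):
            raise ValueError(f"offset {off}: packet runs past end of data")
        out.append((off, ctb, tag, hlen, plen))
        off += hlen + plen
    return out

def orphan_subkeys(data):
    """Offsets of secret subkey packets seen before any secret primary key packet.

    Limitation: only the start of the stream is checked, so a partial key that
    follows a complete one in a multi-key export is not detected.
    """
    orphans = []
    for off, _ctb, tag, _hlen, _plen in parse_packets(data):
        if tag == SECRET_KEY:
            break
        if tag == SECRET_SUBKEY:
            orphans.append(off)
    return orphans

# Constructed sample: the two packet headers from the dump, zero-filled bodies.
PARTIAL = (b"\x9d" + (966).to_bytes(2, "big") + bytes(966)
           + b"\x89" + (293).to_bytes(2, "big") + bytes(293))

if __name__ == "__main__":
    for pkt in parse_packets(PARTIAL):
        print("# off=%d ctb=%02x tag=%d hlen=%d plen=%d" % pkt)
    print("orphan secret subkeys at offsets:", orphan_subkeys(PARTIAL))
```

A non-empty result from orphan_subkeys() on a backup file means the export should be repeated before the backup is relied on.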