Is --export-ssh-key functionality possible with GnuPG 2.0?

Peter Lebbing peter at
Fri Nov 25 21:37:40 CET 2016

On 25/11/16 14:36, Stephan Beck wrote:
> Would you please describe more in detail where (or in which way, in
> which use case) the window is left open?

Let me reuse a bit of quote from an earlier mail:

>>> A2) Export the secret subkey you'd like to use for ssh authentication
>>> purposes and pipe it through openpgp2ssh
>>> gpg2 --export-secret-subkeys \
>>>   --export-options export-reset-subkey-passwd [keyID!] | \
>>>   openpgp2ssh [keyID] > gpg-auth-keyfile

Here a file is created with most likely mode 0644. It contains an
unencrypted private key, and anyone being quick about it can read the
file until you have time to type....

>>> A3) Set correct permissions
>>> chmod 0600 gpg-auth-keyfile

... and from this moment on it is secure.

If somebody knew beforehand you were going to do this on a multi-user
system, he could monitor likely directories programmatically and catch
you in the act. Paranoia mode... on!



I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <>

More information about the Gnupg-users mailing list