exporting always prompts for password

Peter Lebbing peter at digitalbrains.com
Thu Aug 30 13:00:11 CEST 2018


On 29/08/18 16:00, Ben Edwards wrote:
> Is there any way to avoid having to pass in the password each time you
> do an export?

For GnuPG 2.1 and above: GnuPG really needs to know the password to
export an OpenPGP secret key. The key is stored on disk with a different
encryption scheme than in the export, so a decrypt-encrypt cycle is
needed to change the encryption scheme of the data.

It looks like gpg-preset-passphrase has no effect for this particular
application either. So I think you will have to pass the passphrase on
each export invocation, unless someone else has an idea :-). I did once
cobble together something that piped a passphrase from the agent
passphrase cache back to the agent; more to see if it could be done.

> I have a script that I want to use to roll the expiration
> of my keys that does something like

Expiration is public data, why do you want to refresh the secret data as
well? On restoration from backup, just import the stale secret data and
then refresh it with the latest public data by importing that subsequently.

The secret export includes a copy of the public data, so the secret data
will indeed have stale expiration dates. But you can refresh it from a
backup of the public data.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
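
The backup scheme suggested in the reply above, sketched as an added example that is not part of the original post: export the secret key once, export only the public key after each expiration roll, and restore by importing the secret backup and then the latest public export. The function names, `BACKUP_DIR` and the `GPG` override are assumptions.

```shell
#!/bin/sh
# Added example; names and paths are assumptions, not from the post.
GPG="${GPG:-gpg}"                              # gpg binary to call
BACKUP_DIR="${BACKUP_DIR:-$HOME/key-backup}"   # hypothetical backup location

# One-time: export the secret key. This is the step that asks for the
# passphrase, so it is done once rather than on every expiration roll.
backup_secret_once() {
    fpr="$1"
    out="$BACKUP_DIR/$fpr.secret.asc"
    if [ -e "$out" ]; then
        echo "secret backup already exists: $out" >&2
        return 0
    fi
    mkdir -p "$BACKUP_DIR" && chmod 700 "$BACKUP_DIR" || return 1
    # umask keeps the exported secret key readable by the owner only
    ( umask 077; "$GPG" --armor --output "$out" --export-secret-keys "$fpr" )
}

# After each expiration roll: export only the public key, which carries
# the new expiration date and needs no passphrase.
backup_public() {
    fpr="$1"
    out="$BACKUP_DIR/$fpr.public.asc"
    mkdir -p "$BACKUP_DIR" || return 1
    "$GPG" --armor --export "$fpr" > "$out.tmp" || { rm -f "$out.tmp"; return 1; }
    if [ ! -s "$out.tmp" ]; then
        # Nothing was exported (e.g. wrong fingerprint): keep the old backup
        rm -f "$out.tmp"
        return 1
    fi
    mv "$out.tmp" "$out"
}

# Restore: import the stale secret backup first, then the latest public
# export, which brings the expiration dates up to date.
restore_from_backup() {
    fpr="$1"
    "$GPG" --import "$BACKUP_DIR/$fpr.secret.asc" &&
    "$GPG" --import "$BACKUP_DIR/$fpr.public.asc"
}
```

Call `backup_secret_once FINGERPRINT` when the key is created, `backup_public FINGERPRINT` at the end of the script that rolls the expiration, and `restore_from_backup FINGERPRINT` on a fresh keyring.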
