--export-options export-reset-subkey-passwd
Daniele Nicolodi
daniele at grinta.net
Mon Jan 29 01:37:40 CET 2018
On 23/08/2017 23:59, Werner Koch wrote:
> On Sun, 13 Aug 2017 08:17, daniele at grinta.net said:
>
>> Digging a bit more, it seems that the functionality got dropped because
>> with GnuPG 2.x all key manipulations go through gpg-agent and it does
>> not (yet?) support password reset on expert.
>
> Unfortunately this is still an open bug:
>
> https://dev.gnupg.org/T1753
>
> we won't be able to fix it for 2.2.0 but given that it is marked as a
> bug it can and should be fixed in the soon to be release 2.2 series.
As a work around I come up with this simple script, which has the sole
problem of asking the secret subkey passphrase a few times too much, and
to require to explicitly enter an empty passphrase.
Let me know if it is excessively dummy or if there is a better way.
Cheers,
Daniele
#!/bin/sh
set -e
KEY="$1"
shift
# make sure to have a "!" at the end of the key fingerprint to export
# exclusively the corresponding subkey and not the primary key
if [ "$KEY" == "${KEY%\!}" ]
then
KEY="$KEY"\!
fi
umask 0077
TMPDIR=$(mktemp -d)
trap "rm -r $TMPDIR; exit" 0 1 2 3 15
gpg --export-secret-subkey "$KEY" | gpg --home $TMPDIR --import
gpg --home $TMPDIR --change-passphrase "$KEY"
gpg --home $TMPDIR --armor "$@" --export-secret-subkey "$KEY"
More information about the Gnupg-users
mailing list