--export-options export-reset-subkey-passwd

Daniele Nicolodi daniele at grinta.net
Mon Jan 29 01:37:40 CET 2018

On 23/08/2017 23:59, Werner Koch wrote:
> On Sun, 13 Aug 2017 08:17, daniele at grinta.net said:
>> Digging a bit more, it seems that the functionality got dropped because
>> with GnuPG 2.x all key manipulations go through gpg-agent and it does
>> not (yet?) support password reset on expert.
> Unfortunately this is still an open bug:
>   https://dev.gnupg.org/T1753
> we won't be able to fix it for 2.2.0 but given that it is marked as a
> bug it can and should be fixed in the soon to be release 2.2 series.

As a work around I come up with this simple script, which has the sole
problem of asking the secret subkey passphrase a few times too much, and
to require to explicitly enter an empty passphrase.

Let me know if it is excessively dummy or if there is a better way.



set -e


# make sure to have a "!" at the end of the key fingerprint to export
# exclusively the corresponding subkey and not the primary key
if [ "$KEY" == "${KEY%\!}" ]

umask 0077
TMPDIR=$(mktemp -d)
trap "rm -r $TMPDIR; exit" 0 1 2 3 15

gpg --export-secret-subkey "$KEY" | gpg --home $TMPDIR --import
gpg --home $TMPDIR --change-passphrase "$KEY"
gpg --home $TMPDIR --armor "$@" --export-secret-subkey "$KEY"

More information about the Gnupg-users mailing list