Export private key

Werner Koch wk at gnupg.org
Wed Jan 6 18:33:53 CET 2021


On Wed,  6 Jan 2021 14:14, Dino Edwards said:

> Something changed in the code and it now prompts me for the key
> password before it proceeds. I see the value in this, however this is

Yes, since version 2.1.

The reason is that the internal store for the private key uses a more
modern way of protecting the key.  Thus when exporting in the OpenPGP
format we need to re-encrypt and thus need to ask for the passphrase.

As usual since 2.1 you need to pass
  --pinentry-mode=loopback
and for example
  --passphrase-fd N

so that the gpg-agent (which does the re-encryption) does not pop up a
pinentry but asks back.

If you do not need to convey the private key in OpenPGP format you can
actually do it more easily:  Run gpg as in this example

  $ gpg --with-colons --with-keygrip -K USERID_OR_FPR
  sec:-:4096:1:CD21A80AC8C52565:1505892159:::q:::scESC:::+:::23::0:
  fpr:::::::::B2CCB68383325D61BAC50F9FCD21A80AC8C52565:
  grp:::::::::AEFF9F945E3F569062FAF62D21F1ADFF4D9A0345:
  uid:-::::1505892159::AE446DD05E9FF3A53C106836A52904256819CBC3::rs[...]
  ssb:-:4096:1:9883B66CDCF2F7EA:1505892215::::::e:::+:::23:
  fpr:::::::::BE280C5D679B2219748052909883B66CDCF2F7EA:
  grp:::::::::C1B641A6DD92DECA9E1E4FF92AA8B8F1F90BCAE2:

and grep for the grp lines (keygrips); for example:

  $ [...] |  awk -F: '$1=="grp" {print $10}'
  AEFF9F945E3F569062FAF62D21F1ADFF4D9A0345
  C1B641A6DD92DECA9E1E4FF92AA8B8F1F90BCAE2

Then copy the files

  ~/.gnupg/private-key-v1.d/AEFF9F945E3F569062FAF62D21F1ADFF4D9A0345.key
  ~/.gnupg/private-key-v1.d/C1B641A6DD92DECA9E1E4FF92AA8B8F1F90BCAE2.key

to the target machine.  They are encrypted but better use a secure
channel.  You also need to copy the public keys the usual way.  Using
this method you may also selectively share a subkey.


Shalom-Salam,

   Werner


-- 
Thoughts are free.  Exceptions are regulated by a federal law.
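
The keygrip lookup described in the message above, as an added example that is not part of the original post: it pairs each `grp` record with the `sec` or `ssb` record it follows, so the key file for a single subkey can be picked out. The function names `keygrip_files` and `sample_listing` are hypothetical, the sample input is the listing from the message, and the key store is assumed to be under `$GNUPGHOME` or `~/.gnupg`.

```shell
#!/bin/sh
# Added example: map keygrips from `gpg --with-colons --with-keygrip -K`
# output to the secret (sub)key they belong to and name the file to copy.

# keygrip_files [KEYID]            (hypothetical helper name)
#   stdin : colon-format secret key listing
#   stdout: "<sec|ssb> <keyid> <path>" per key; only KEYID when given
keygrip_files() {
    awk -F: -v want="${1:-}" \
        -v dir="${GNUPGHOME:-$HOME/.gnupg}/private-key-v1.d" '
        # Field 5 of a sec/ssb record is the key ID.
        $1 == "sec" || $1 == "ssb" { type = $1; keyid = $5; next }
        # Field 10 of the grp record that follows is the keygrip.
        $1 == "grp" && type != "" {
            if (want == "" || want == keyid)
                printf "%s %s %s/%s.key\n", type, keyid, dir, $10
            type = ""    # one grp record per key
        }'
}

# Sample input: the listing shown in the message, embedded so the
# function can be tried without a keyring.
sample_listing() {
cat <<'EOF'
sec:-:4096:1:CD21A80AC8C52565:1505892159:::q:::scESC:::+:::23::0:
fpr:::::::::B2CCB68383325D61BAC50F9FCD21A80AC8C52565:
grp:::::::::AEFF9F945E3F569062FAF62D21F1ADFF4D9A0345:
uid:-::::1505892159::AE446DD05E9FF3A53C106836A52904256819CBC3::rs[...]
ssb:-:4096:1:9883B66CDCF2F7EA:1505892215::::::e:::+:::23:
fpr:::::::::BE280C5D679B2219748052909883B66CDCF2F7EA:
grp:::::::::C1B641A6DD92DECA9E1E4FF92AA8B8F1F90BCAE2:
EOF
}

# With a real keyring:
#   gpg --with-colons --with-keygrip -K USERID_OR_FPR | keygrip_files
# Only the encryption subkey from the sample:
#   sample_listing | keygrip_files 9883B66CDCF2F7EA
```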