<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap=""> box1$ gpg --export-secret-key FINGERPRINT >key.sec
box2$ gpg --import key.sec</pre>
</blockquote>
OK, I see why this works: the salt, IV and protect count
are all stored in the clear alongside the encrypted version of the
secret key.<br>
<br>
However, my secret key packets do not have those `iter+salt`,
`protect count` and `protect IV` parts. They have the plain `skey`
parts. That may be the reason why my subsequent exports are
byte-equal.<br>
<br>
Now, the issue that I have is that `gpg --passwd &lt;key_id&gt;`
says that my key is protected by a passphrase. It asks for the
current passphrase before it lets me type in the new one. How can
it be that `gpg --passwd &lt;key_id&gt;` asks for the passphrase
if `gpg --list-packets &lt;key_id&gt;` does not have the
`iter+salt` part? In other words, is &lt;key_id&gt; protected by a
passphrase or not?<br>
</p>
<div class="moz-cite-prefix">On 12/22/20 1:46 AM, Werner Koch wrote:<br>
</div>
<blockquote type="cite"
cite="mid:8735zywd6z.fsf@wheatstone.g10code.de">
<pre class="moz-quote-pre" wrap="">On Mon, 21 Dec 2020 18:47, Novak Boškov said:
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">So, the two subsequent exports are supposed to give me my private key
encrypted with two different AES keys (same passphrase + a different salt)?
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">
Right:

First packet of the first export:

# off=0 ctb=95 tag=5 hlen=3 plen=1414
:secret key packet:
	version 4, algo 1, created 1568715099, expires 0
	pkey[0]: [3072 bits]
	pkey[1]: [17 bits]
	iter+salt S2K, algo: 7, SHA1 protection, hash: 2, salt: E28C8328510DEDC0
	protect count: 30408704 (237)
	protect IV: 6e a3 36 63 19 2c fc 87 b2 c6 be d3 03 41 09 56
	skey[2]: [v4 protected]
	keyid: F29010625F3EDDDA

First packet of the second export:

# off=0 ctb=95 tag=5 hlen=3 plen=1414
:secret key packet:
	version 4, algo 1, created 1568715099, expires 0
	pkey[0]: [3072 bits]
	pkey[1]: [17 bits]
	iter+salt S2K, algo: 7, SHA1 protection, hash: 2, salt: 24725FA6DAA0883C
	protect count: 30408704 (237)
	protect IV: f5 29 51 fe 73 02 1a 31 19 fd bf fe ae 37 ef 23
	skey[2]: [v4 protected]
	keyid: F29010625F3EDDDA

You see that the salt and the IV are both different. The protection
count is the same because this is a constant computed by gpg-agent at
startup by measuring the speed of the KDF. The actual encrypted key
data (not shown) is also different.
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">How is transferring the keys to a different machine supposed to
work then?
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">
box1$ gpg --export-secret-key FINGERPRINT >key.sec
box2$ gpg --import key.sec
You need to enter the passphrase during export. For import the
re-encryption is delayed until the key is used and thus you won't need a
passphrase immediately.
Shalom-Salam,
Werner
</pre>
</blockquote>
<div class="moz-signature">-- <br>
Novak Boškov<br>
<i>PhD Student</i><br>
<i>Electrical &amp; Computer Engineering Department</i><br>
<i>Boston University</i></div>
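<p>The question in this thread (is the key passphrase-protected or not, and why do two exports differ?) can be answered mechanically from <code>gpg --list-packets</code> output. The script below is an added example, not code from the thread or from GnuPG: it splits the dump into packets, reports for each secret key packet whether an S2K line is present, decodes the coded iteration count exactly as RFC 4880 section 3.7.1.3 specifies (237 expands to 30408704), and compares two exports of the same key. The samples are constructed: the first two are the packet dumps quoted above, the third is a hypothetical unprotected key with placeholder key id and checksum. The script name <code>s2k_check.py</code> is an assumption.</p>

```python
"""Added example (not GnuPG code): classify secret key packets from
`gpg --list-packets` output, decode the S2K count (RFC 4880 3.7.1.3)
and compare two exports of the same key.

Stand-alone it uses the constructed samples below; otherwise pipe output:
    gpg --list-packets key.sec | python3 s2k_check.py
"""
import re
import sys

# Algorithm ids from RFC 4880 section 9 (common values only).
CIPHER_NAMES = {3: "CAST5", 7: "AES-128", 8: "AES-192", 9: "AES-256"}
HASH_NAMES = {1: "MD5", 2: "SHA1", 8: "SHA256", 10: "SHA512"}

# Constructed samples: EXPORT_1/EXPORT_2 are the dumps quoted in the thread,
# UNPROTECTED is a hypothetical key without S2K (placeholder keyid/checksum).
EXPORT_1 = """\
# off=0 ctb=95 tag=5 hlen=3 plen=1414
:secret key packet:
\tversion 4, algo 1, created 1568715099, expires 0
\tpkey[0]: [3072 bits]
\tpkey[1]: [17 bits]
\titer+salt S2K, algo: 7, SHA1 protection, hash: 2, salt: E28C8328510DEDC0
\tprotect count: 30408704 (237)
\tprotect IV: 6e a3 36 63 19 2c fc 87 b2 c6 be d3 03 41 09 56
\tskey[2]: [v4 protected]
\tkeyid: F29010625F3EDDDA
"""
EXPORT_2 = """\
# off=0 ctb=95 tag=5 hlen=3 plen=1414
:secret key packet:
\tversion 4, algo 1, created 1568715099, expires 0
\tpkey[0]: [3072 bits]
\tpkey[1]: [17 bits]
\titer+salt S2K, algo: 7, SHA1 protection, hash: 2, salt: 24725FA6DAA0883C
\tprotect count: 30408704 (237)
\tprotect IV: f5 29 51 fe 73 02 1a 31 19 fd bf fe ae 37 ef 23
\tskey[2]: [v4 protected]
\tkeyid: F29010625F3EDDDA
"""
UNPROTECTED = """\
:secret key packet:
\tversion 4, algo 1, created 1568715099, expires 0
\tpkey[0]: [3072 bits]
\tpkey[1]: [17 bits]
\tskey[2]: [3072 bits]
\tskey[3]: [1536 bits]
\tchecksum: 0000
\tkeyid: 0000000000000000
"""


def s2k_decode_count(coded):
    """Expand the one-octet coded count into the real byte count (RFC 4880)."""
    return (16 + (coded & 15)) << ((coded >> 4) + 6)


def split_packets(text):
    """Group list-packets output into (packet type, [body lines]) tuples."""
    packets = []
    for line in text.splitlines():
        if line.startswith(":"):                 # ":secret key packet:" etc.
            packets.append((line.strip(": "), []))
        elif line.startswith("#") or not line.strip():
            continue                             # "# off=..." header or blank
        elif packets:
            packets[-1][1].append(line.strip())  # drop gpg's tab indent
    return packets


def classify_secret_keys(text):
    """One report dict per secret key/subkey packet: protected or not, S2K details."""
    reports = []
    for ptype, body in split_packets(text):
        if not ptype.startswith("secret"):
            continue
        joined = "\n".join(body)
        keyid = re.search(r"keyid: ([0-9A-Fa-f]+)", joined)
        # gpg prints " SHA1 protection," only when the SHA-1 checksum mode is used
        s2k = re.search(r"(\S+) S2K, algo: (\d+),(?: \S+ protection,)? hash: (\d+)", joined)
        salt = re.search(r"salt: ([0-9A-Fa-f]+)", joined)
        cnt = re.search(r"protect count: (\d+) \((\d+)\)", joined)
        iv = re.search(r"protect IV: ([0-9a-f ]+)", joined)
        rep = {"keyid": keyid.group(1) if keyid else None, "protected": s2k is not None}
        if s2k:
            rep["mode"] = s2k.group(1)
            rep["cipher"] = CIPHER_NAMES.get(int(s2k.group(2)), "algo " + s2k.group(2))
            rep["hash"] = HASH_NAMES.get(int(s2k.group(3)), "hash " + s2k.group(3))
            rep["salt"] = salt.group(1) if salt else None
            rep["iv"] = iv.group(1).replace(" ", "") if iv else None
            if cnt:
                rep["count"], rep["coded_count"] = int(cnt.group(1)), int(cnt.group(2))
                rep["count_ok"] = s2k_decode_count(rep["coded_count"]) == rep["count"]
        reports.append(rep)
    return reports


def export_differs(rep_a, rep_b):
    """True when two exports of the same key were re-encrypted with fresh salt and IV."""
    return (rep_a["keyid"] == rep_b["keyid"]
            and rep_a.get("salt") != rep_b.get("salt")
            and rep_a.get("iv") != rep_b.get("iv"))


if __name__ == "__main__":
    text = EXPORT_1 + EXPORT_2 + UNPROTECTED if sys.stdin.isatty() else sys.stdin.read()
    for rep in classify_secret_keys(text):
        print(rep)
```

<p>A packet that shows an <code>iter+salt S2K</code> line with a salt and IV is encrypted under a passphrase-derived key; a packet whose <code>skey[]</code> parts are listed as plain MPI sizes is not. Note that <code>gpg --list-packets</code> on a keyring alone does not settle the question asked in the thread, since the secret material lives in gpg-agent's private key store; run it on an actual export file to see the packets as written.</p>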
</body>
</html>