In the Export Secret Keys of the README it states:
The master key and sub-keys will be encrypted with your passphrase when exported.
However I see no indication in the GPG man page that this is the case?
--export-secret-keys
--export-secret-subkeys
Same as --export, but exports the secret keys instead. The exported keys are written to STDOUT or to the file given with option
--output. This command is often used along with the option --armor to allow for easy printing of the key for paper backup; however
the external tool paperkey does a better job of creating backups on paper. Note that exporting a secret key can be a security risk
if the exported keys are sent over an insecure channel.
The second form of the command has the special property to render the secret part of the primary key useless; this is a GNU extension
to OpenPGP and other implementations can not be expected to successfully import such a key. Its intended use is in generating a full
key with an additional signing subkey on a dedicated machine. This command then exports the key without the primary key to the main
machine.
GnuPG may ask you to enter the passphrase for the key. This is required, because the internal protection method of the secret key is
different from the one specified by the OpenPGP protocol.
I know I could export and import the keys to verify whether this is the case but the whole process is pretty confusing and it's difficult to recover from mistakes so any feedback will be greatly appreciated!
There is a comment in the papercopy "Security" section that supports the claim that exported keys are encrypted with the passphrase:
If your key has a passphrase on it (i.e. is encrypted), the paper copy is similarly encrypted. If your key has no passphrase, neither does the paper copy. Whatever the passphrase (or lack thereof) was on the original secret key will be the same on the reconstructed key.
My assumption is keys are encrypted symmetrically if a password is required to import them. If anyone has evidence to the contrary, please reopen and enlighten us.
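The question in this thread can also be checked without importing anything. The following is an added example, not part of the thread, the README or GnuPG: it reads a binary export (made with --export-secret-keys or --export-secret-subkeys, without --armor) and reports the S2K usage octet of each secret key and subkey packet as defined in RFC 4880. The function names and the sample bytes are constructed for illustration; it assumes v4 keys, and the stub check assumes GnuPG's S2K extension (specifier 101 followed by "GNU"), which is what --export-secret-subkeys writes for the primary key.

```python
PUBLIC_MPIS = {1: 2, 2: 2, 3: 2, 16: 3, 17: 4, 18: 1, 19: 1, 22: 1}  # algorithm id -> public MPI count

def packets(data):
    """Yield (tag, body) for every packet in a binary OpenPGP stream."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("not binary OpenPGP data (ASCII-armored input?)")
        if hdr & 0x40:  # new-format header: tag in the low 6 bits
            tag, first, i = hdr & 0x3F, data[i + 1], i + 2
            if first < 192:
                length = first
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i] + 192, i + 1
            elif first == 255:
                length, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                raise ValueError("partial body lengths are not handled")
        else:  # old-format header: length type in the low 2 bits
            tag, n = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
            if n == 8:
                raise ValueError("indeterminate lengths are not handled")
            length, i = int.from_bytes(data[i + 1:i + 1 + n], "big"), i + 1 + n
        yield tag, data[i:i + length]
        i += length

def protection(body):
    """Classify a v4 secret-key packet body by its S2K usage octet."""
    if body[0] != 4 or body[5] not in PUBLIC_MPIS:
        raise ValueError("unsupported key version or algorithm")
    algo, pos = body[5], 6  # version (1) + creation time (4) + algorithm (1)
    if algo in (18, 19, 22):  # ECDH, ECDSA, EdDSA: curve OID precedes the point
        pos += 1 + body[pos]
    for _ in range(PUBLIC_MPIS[algo]):  # each MPI: 2-byte bit count + value
        pos += 2 + (int.from_bytes(body[pos:pos + 2], "big") + 7) // 8
    if algo == 18:  # ECDH: KDF parameters follow the point
        pos += 1 + body[pos]
    if body[pos] == 0:  # usage 0: secret material stored in the clear
        return "unprotected"
    if body[pos] in (254, 255) and body[pos + 2] == 101 and body[pos + 4:pos + 7] == b"GNU":
        return "gnu-stub"  # GnuPG S2K extension: no secret material in the packet
    return "passphrase-protected"

def audit(data):  # [(tag, status)] for secret key (5) and secret subkey (7) packets
    return [(t, protection(b)) for t, b in packets(data) if t in (5, 7)]

# Constructed sample (not a real key): old-format secret key packet, toy RSA, usage 0
SAMPLE = bytes.fromhex("940d" "0400000000" "01" "0008c5" "000203" "00")
```

On a real export, pass the file's bytes to `audit()`; any "unprotected" entry means that key's secret material sits in the file without passphrase encryption.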