On 30/11/15 20:10, Andrey Utkin wrote: > Is it impossible straight from RFC 4880 in any defined mode, or is > it just a wrong behaviour in GnuPG/Libgcrypt?
It is a specific bug of GnuPG 2.1, and Werner's comment on the bug entry mentioned here makes me believe he intends to fix it eventually. GnuPG 1.4 and 2.0 can export keys without passphrases, and this is fully defined in RFC 4880. > Empty passphrases are banned in several places in this software: Yes; that's because there is a difference between not encrypting stuff and encrypting it with an empty passphrase :). The latter is just silly. The only purpose of doing that is to be able to tell your client that you "encrypted it" without technically lying. And I'm not making stuff up. This actually happens (I'm looking at you, DropBox!). When a private key is stored without a passphrase, it is stored without encryption. The actual packet looks different: it clearly indicates that what follows is plaintext. If you were to encrypt it with an empty passphrase, it would actually be encrypted, but with a key that corresponds to an empty passphrase and hence would be trivially cracked by anyone. HTH, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter> _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users