On 12/13/2016 10:12 AM, Marat Stanichenko wrote: Hello,
Could you please elaborate what exactly is returned in the former and the latter cases?
In the former case (in the absence of the secret primary key), the --export-secret-keys command will still export a secret packet key corresponding to the missing key, but it will be marked as a "dummy key".
Try running the following command:
$ gpg2 --list-packets secret-key
You should see (among other things) something like the following:
:secret key packet:
version 4 [...]
pkey[0]: [xxxx bits]
pkey[1]: [xxxx bits]
gnu-dummy S2K, algo: 0, simple checksum, hash: 0
The "gnu-dummy S2K" is the marker which will tell GnuPG that this file
does *not* actually contain the secret key.
What command one should run to get the private master key properly to save with paperkey afterwards?
I would just use $ gpg2 --homedir=/my/save/place --export-secret-keys | paperkey | lpr (the last command "| lpr" would send the output directly to the printer).This would export both the primary key and all the subkeys. If you want to save with paperkey only the primary key, specify its ID and append a '!' at the end:
$ gpg2 --homedir=/my/save/place --export-secret-keys '0xABCDEF10!' \
| paperkey | lpr
Hope that helps,
Damien
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
