On 12/13/2016 10:12 AM, Marat Stanichenko wrote:
Hello,
Could you please elaborate what exactly is returned in the former and
the latter cases?
In the former case (in the absence of the secret primary key), the
--export-secret-keys command will still export a secret packet key
corresponding to the missing key, but it will be marked as a "dummy key".
Try running the following command:
$ gpg2 --list-packets secret-key
You should see (among other things) something like the following:
:secret key packet:
version 4 [...]
pkey[0]: [ bits]
pkey[1]: [ bits]
gnu-dummy S2K, algo: 0, simple checksum, hash: 0
The "gnu-dummy S2K" is the marker which will tell GnuPG that this file
does *not* actually contain the secret key.
What command one should run to get the private master key properly to
save with paperkey afterwards?
I would just use
$ gpg2 --homedir=/my/save/place --export-secret-keys | paperkey | lpr
(the last command "| lpr" would send the output directly to the printer).
This would export both the primary key and all the subkeys. If you want
to save with paperkey only the primary key, specify its ID and append a
'!' at the end:
$ gpg2 --homedir=/my/save/place --export-secret-keys '0xABCDEF10!' \
| paperkey | lpr
Hope that helps,
Damien
signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users