Re: gpg2 export-secret-key if no master key present

2016-12-14 Thread Marat Stanichenko
Hello,

> Hope that helps

Definitely, that answers my question completely.

Thank you very much,
Marat

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: gpg2 export-secret-key if no master key present

2016-12-13 Thread Damien Goutte-Gattat

On 12/13/2016 10:12 AM, Marat Stanichenko wrote:
> Hello,
>
> Could you please elaborate what exactly is returned in the former and
> the latter cases?


In the former case (in the absence of the secret primary key), the 
--export-secret-keys command will still export a secret packet key 
corresponding to the missing key, but it will be marked as a "dummy key".


Try running the following command:

  $ gpg2 --list-packets secret-key

You should see (among other things) something like the following:

  :secret key packet:
  version 4 [...]
  pkey[0]: [ bits]
  pkey[1]: [ bits]
  gnu-dummy S2K, algo: 0, simple checksum, hash: 0

The "gnu-dummy S2K" is the marker which will tell GnuPG that this file 
does *not* actually contain the secret key.




> What command should one run to get the private master key properly to
> save with paperkey afterwards?


I would just use

  $ gpg2 --homedir=/my/save/place --export-secret-keys | paperkey | lpr

(the last command "| lpr" would send the output directly to the printer).

This would export both the primary key and all the subkeys. If you want 
to save with paperkey only the primary key, specify its ID and append a 
'!' at the end:


  $ gpg2 --homedir=/my/save/place --export-secret-keys '0xABCDEF10!' \
| paperkey | lpr


Hope that helps,

Damien
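
A check that could run before the paperkey step described above, as an added example that is not part of the original thread: it reads `gpg2 --list-packets` output and reports whether each secret key packet is real or a "gnu-dummy" stub. The function names are hypothetical and both sample packet listings are constructed.

```shell
#!/bin/sh
# Added example: classify secret key packets in `gpg2 --list-packets` output.

# Reads list-packets text on stdin and prints one line per secret key packet:
# "primary real", "primary dummy", "subkey real" or "subkey dummy".
classify_secret_packets() {
    awk '
        function emit() { if (kind != "") print kind, (dummy ? "dummy" : "real"); kind = "" }
        /^[ \t]*:secret key packet:/     { emit(); kind = "primary"; dummy = 0; next }
        /^[ \t]*:secret sub key packet:/ { emit(); kind = "subkey";  dummy = 0; next }
        /^[ \t]*:/                       { emit(); next }  # another packet type starts
        /gnu-dummy S2K/                  { if (kind != "") dummy = 1 }
        END                              { emit() }
    '
}

# Exit status 0 only when the export carries the real secret primary key.
has_real_primary() {
    classify_secret_packets | grep -qx 'primary real'
}

# Constructed sample: export from the keyring whose primary key file was removed.
sample_stub_export() {
    cat <<'EOF'
:secret key packet:
    version 4 [...]
    pkey[0]: [ bits]
    pkey[1]: [ bits]
    gnu-dummy S2K, algo: 0, simple checksum, hash: 0
:user ID packet: "Constructed User <user@example.org>"
:signature packet: [...]
:secret sub key packet:
    version 4 [...]
    pkey[0]: [ bits]
    pkey[1]: [ bits]
    iter+salt S2K, algo: 7, SHA1 protection, hash: 2 [...]
EOF
}

# Constructed sample: the same listing with a real (protected) primary key.
sample_full_export() {
    sample_stub_export | sed 's/gnu-dummy S2K, algo: 0, simple checksum, hash: 0/iter+salt S2K, algo: 7, SHA1 protection, hash: 2 [...]/'
}

# Real use (requires gpg2 and a key):
#   gpg2 --export-secret-keys | gpg2 --list-packets | has_real_primary \
#       || echo "primary secret key missing: export is a stub" >&2
```

Running the check against the backup home directory (`--homedir=/my/save/place`) before piping to paperkey confirms that the printed copy holds the primary key and not the stub.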





gpg2 export-secret-key if no master key present

2016-12-13 Thread Marat Stanichenko
Hello,


I created a master gpg key and an additional signing subkey. I also
backed up the whole .gnupg directory to /my/save/place and deleted the
primary key from the original .gnupg directory by simply removing the
corresponding file under the private-keys-v1.d.

So far so good, gpg2 -K shows a sec# instead of sec and gpg2
--homedir=/my/save/place -K shows sec as expected.

However, if I run

 $ gpg2 --export-secret-keys --armor > secret-key

and

 $ gpg2 --homedir=/my/save/place --export-secret-keys --armor > secret-key-original

both commands return something of similar size, although the results are different.


Could you please elaborate what exactly is returned in the former and
the latter cases?

What command should one run to get the private master key properly to
save with paperkey afterwards?


Many thanks in advance!
