[man gpg] Create, export, import, merge
melodie:
Sometimes some man pages *are* confusing. We would wish to see the ones who wrote them just forget everything they learned and then read their own man pages to learn from them.
I had to create a new pair of keys. But I did it on a system where I didn't have my usual keyring, so the new pair was not merged into the binary files which live in the ~/.gnupg directory. Therefore I had to export the new gpg keys and import them into the old keyring.
The man page is not quite clear about how to do that, and I finally had to google to find a command line that would work, instead of sending the output as binary gibberish to the console, or just sending the same binary gibberish to a text file!
This worked: http://lists.gnupg.org/pipermail/gnupg-users/2004-July/022930.html
Finally, I headed to the IRC channel, #gnupg on freenode, to talk about my findings in the man page. I was very well received by "f-a", and thanks to his help and guidance (explanations and help with rephrasing), some parts of man gpg could be changed next, as a bug report will be posted. Here is what should be submitted:
--- Code: ---
--export-secret-keys
       Same as --export, but exports the secret keys instead. This can
       be a security risk if you send the keys through an open network.
       It can be useful if you created one or more key pairs and need to
       merge them on a computer where you already have other PGP keys.
       The key is written to STDOUT or to the file given specified by
       --output. Use along with --armor to produce ASCII output.

--export-secret-subkeys
       Same as --export, but exports the secret subkeys instead. This is
       normally not very useful and a security risk. The second form
       of the command has the special property to render the secret
       part of the primary key useless; this is a GNU extension to
       OpenPGP and other implementations can not be expected to
       successfully import such a key. See the option
       --simple-sk-checksum if you want to import such an exported key
       with an older OpenPGP implementation.

--export
       Either export all keys from all keyrings (default keyrings and
       those registered via option --keyring), or if at least one name
       is given, those of the given name. The new keyring is written to
       STDOUT or to the file given with option --output. Use together
       with --armor to produce ASCII output (useful to, e.g. import to
       an existing keyring)
--- End of code ---
Obviously this is not a step-by-step tutorial, but from there we could see how important it is to use the -o and -a options while exporting. Importing is simpler. :)
Now, this is the bug report, posted by "f-a":
https://bugs.g10code.com/gnupg/issue1655
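
The export-then-import round trip discussed in the post, as an added example that is not part of the original post or of the GnuPG documentation. It assumes GnuPG 2.1 or later; the function name `merge_demo`, the user ID and the file name are constructed for the demo, and both keyrings are throwaway directories.

```shell
#!/bin/sh
# Added example. Two throwaway keyrings under a temp dir; ~/.gnupg is untouched.
# merge_demo, the user ID and the file name are constructed for this demo.
merge_demo() {
    work=$(mktemp -d) || return 1
    src="$work/src"; dst="$work/dst"; out="$work/newkey.asc"
    ( umask 077; mkdir "$src" "$dst" ) || return 1
    list_fpr() {   # print the first secret-key fingerprint in keyring $1
        gpg --homedir "$1" --batch --quiet --with-colons --list-secret-keys |
            awk -F: '$1 == "fpr" { print $10; exit }'
    }
    rc=1
    # 1. Key pair created on the "other" system. The empty passphrase is for
    #    the demo only; a real key should be passphrase-protected.
    if gpg --homedir "$src" --batch --quiet --pinentry-mode loopback \
           --passphrase '' --quick-generate-key \
           'Demo User <demo@example.invalid>' default default never
    then
        fpr=$(list_fpr "$src")
        # 2. Export: --armor gives ASCII, --output keeps the key off the
        #    terminal, umask 077 keeps the file readable by the owner only.
        # 3. Import into the keyring standing in for the old one, then
        #    confirm the same fingerprint is now listed there.
        if [ -n "$fpr" ] &&
           ( umask 077
             gpg --homedir "$src" --batch --pinentry-mode loopback \
                 --passphrase '' --armor --output "$out" \
                 --export-secret-keys "$fpr" ) &&
           head -n 1 "$out" | grep -q 'BEGIN PGP PRIVATE KEY BLOCK' &&
           gpg --homedir "$dst" --batch --quiet --import "$out" &&
           [ "$(list_fpr "$dst")" = "$fpr" ]
        then
            echo "$fpr"; rc=0
        fi
    fi
    # 4. Stop the per-homedir agents and delete the exported secret key.
    gpgconf --homedir "$src" --kill gpg-agent 2>/dev/null || true
    gpgconf --homedir "$dst" --kill gpg-agent 2>/dev/null || true
    rm -rf "$work"
    return "$rc"
}

merge_demo   # prints the merged key's fingerprint on success
```
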