LinuxVillage

LinuxVillage welcome => Technical discussions => Discussion démarrée par: melodie le 16 juin 2014 à 22:42:59

Titre: [man gpg] Create, export, import, merge
Posté par: melodie le 16 juin 2014 à 22:42:59

Sometimes some man *are* confusing. We would wish to see the ones who wrote them just forget all what they learned and then read their own man to learn from it.

I had to create a new pair of keys. But I did it in a system where I didn't have my usual keyring so the new pair was not merged in the binary files which live in the ~/.gnupg directory. Therefore I had to export the new gpg keys and import them to the old keyring.

The man is not quite clear about how to do that and I finally had to google to find one command line that would work, instead of sending the output as a binary gibberish to the console, or just sending the same binary gibberish to a text file!

This worked: http://lists.gnupg.org/pipermail/gnupg-users/2004-July/022930.html (http://lists.gnupg.org/pipermail/gnupg-users/2004-July/022930.html)

Finally, I headed to the IRC chan, #gnupg on freenode, to talk about my findings in the man. I have been very well received by "f-a" and thanks to his help and guidance (explanations and help to rephrase) some parts of man gpg could next be changed, as a bug report will be posted. Here is what should be submitted:

Code: [Sélectionner]

      --export-secret-keys
              Same  as --export, but exports the secret keys instead. This can
              be a security risk if you send the keys through an open network.
              It can be useful if you created one or more key pairs and need to
              merge them on a computer where you already have other PGP keys.
              The key is written to STDOUT or to the file given specified by
              --output. Use along with --armor to produce ASCII output.


       --export-secret-subkeys
              Same  as --export, but exports the secret subkeys instead.  This is
              normally not very useful and a security risk.  The  second  form
              of  the  command  has  the special property to render the secret
              part of the primary key useless; this  is  a  GNU  extension  to
              OpenPGP  and  other  implementations can not be expected to suc‐
              cessfully import such a key.  See the option  --simple-sk-check‐
              sum  if  you  want  to import such an exported key with an older
              OpenPGP implementation.

       --export
              Either export all keys from all keyrings (default  keyrings  and
              those  registered via option --keyring), or if at least one name
              is given, those of the given name. The new keyring is written to
              STDOUT  or  to the file given with option --output. Use together
              with --armor to produce ASCII output (useful to, e.g. import to
      an existing keyring)
Obviously this is not a step-to-step tutorial, but from there we could see how important it is to use the -o and -a options while exporting. Importing is more simple. :)

Now, this is the bug report, posted by "f-a":
https://bugs.g10code.com/gnupg/issue1655 (https://bugs.g10code.com/gnupg/issue1655)