TransWikia.com

What is --export-secret-subkeys used for?

Super User Asked on February 19, 2021

From the docs:

--export-secret-keys
--export-secret-subkeys

    Same as --export, but exports the secret keys instead. The exported keys are written to STDOUT or to the file given with option --output. This command is often used along with the option --armor to allow for easy printing of the key for paper backup; however the external tool paperkey does a better job of creating backups on paper. Note that exporting a secret key can be a security risk if the exported keys are sent over an insecure channel.

    The second form of the command has the special property to render the secret part of the primary key useless; this is a GNU extension to OpenPGP and other implementations can not be expected to successfully import such a key. Its intended use is in generating a full key with an additional signing subkey on a dedicated machine. This command then exports the key without the primary key to the main machine.

    GnuPG may ask you to enter the passphrase for the key. This is required, because the internal protection method of the secret key is different from the one specified by the OpenPGP protocol.

I don’t understand what "The second form of the command has the special property…" means and I spent a considerable amount of time trying to figure it out searching the web.

Trying to figure out if using --export-secret-keys includes master and subkeys (in the context of backing up both). This is sensitive stuff… want to make sure I have my facts straight.

Can someone please ELI5?

One Answer

It means that the --export-secret-subkeys option (second form of the command) will export dummy packets for the primary key, so effectively only subkeys are exported.

See also this guide from Debian (search "dummy OpenPGP packet").

Answered by xhh on February 19, 2021
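To check what an export file actually contains, the following added example (not part of the original answer and not GnuPG's own code) walks the OpenPGP packets of a binary export and reports, for the primary key and each subkey, whether secret material is present or only a GnuPG stub. It assumes version 4 key packets and the stub layout GnuPG writes (S2K type 101, then "GNU" and a mode byte); the function names and the sample packets are constructed for illustration.

```python
SECRET_TAGS = {5: "primary", 7: "subkey"}    # secret key / secret subkey packet tags
MPI_COUNT = {1: 2, 2: 2, 3: 2, 16: 3, 17: 4, 18: 1, 19: 1, 22: 1}  # public MPIs per algo
GNU_MODES = {1: "gnu-dummy: no secret material", 2: "divert-to-card stub"}

def packets(data):  # yields (tag, body); handles old and new header formats
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if hdr & 0x40:                              # new-format header
            tag, first = hdr & 0x3F, data[i]
            if first < 192:
                length, i = first, i + 1
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 1] + 192, i + 2
            elif first == 255:
                length, i = int.from_bytes(data[i + 1:i + 5], "big"), i + 5
            else:
                raise ValueError("partial body lengths are not handled")
        else:                                       # old-format header
            tag, n = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
            if n == 8:
                raise ValueError("indeterminate length is not handled")
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        yield tag, data[i:i + length]
        i += length

def secret_status(body):
    """Classify the secret part of a v4 secret key or secret subkey packet."""
    algo, pos = body[5], 6                          # version, 4-byte time, algorithm
    if algo in (18, 19, 22):                        # ECDH, ECDSA, EdDSA: curve OID first
        pos += 1 + body[pos]
    for _ in range(MPI_COUNT[algo]):                # skip the public-key MPIs
        pos += 2 + (int.from_bytes(body[pos:pos + 2], "big") + 7) // 8
    if algo == 18:
        pos += 1 + body[pos]                        # ECDH KDF parameters
    # GnuPG stub layout: usage 254/255, cipher, S2K type 101, hash, "GNU", mode
    if body[pos] in (254, 255) and body[pos + 2] == 101 and body[pos + 4:pos + 7] == b"GNU":
        return GNU_MODES.get(body[pos + 7], "unknown GNU extension")
    return "secret material present"

def report(data):
    return [(SECRET_TAGS[t], secret_status(b)) for t, b in packets(data) if t in SECRET_TAGS]

# Constructed samples (not real keys): v4 RSA packets with toy one-byte MPIs.
GNU_DUMMY = b"\xff\x00\x65\x00GNU\x01"
UNPROTECTED = b"\x00" + b"\x00\x01\x01" * 4 + b"\x00\x08"

def constructed_packet(tag, secret_part):
    body = b"\x04" + bytes(4) + b"\x01" + b"\x00\x08\xc5" + b"\x00\x05\x11" + secret_part
    return bytes([0xC0 | tag, len(body)]) + body
```

Call `report()` on the bytes of a binary (non-armored) export. A file produced with --export-secret-keys should report secret material for the primary key and every subkey, while one produced with --export-secret-subkeys should report the primary as gnu-dummy.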
