On Fri, 27 Nov 2015 at 12:39:30 +0300, Dmitrii Tcvetkov wrote: > In this case passphrase is needed to decrypt private key from keyring. > Becuase of passphrase is not provided gpg-agent can't give gpg the > private key.
Or perhaps Andrey tries to export an *unprotected* private key using GnuPG 2.1. In that case this seems to be a known issue [0]. > Private key exports in cleartext. I think this is incorrect. gpg --export's output is always in the OpenPGP format (possibly armored), while as of 2.1 private material is stored in another format (in ~/.gnupg/private-keys-v1.d/$KEYGRIP.key). Thus the agent asks for the passphrase to decrypt the private key, and gpg reencrypts it on the fly (using the same passphrase). gpg2(1) also says: --export-secret-keys GnuPG may ask you to enter the passphrase for the key. This is required because the internal protection method of the secret key is different from the one specified by the OpenPGP protocol. Indeed ‘gpg2 --export-secret-keys $KEYID | gpg --list-only --list-packets’ tells me that the secret material is protected. -- Guilhem. [0] https://bugs.gnupg.org/gnupg/issue2070
signature.asc
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users