Page MenuHome GnuPG

Expand/modify man explanation on exporting keys
Closed, ResolvedPublic


The documentation on how to export keys on gpg man page could be more clear.
As an example, the "export secret keys" option (--export-secret-keys) is blank;
this could lead the gpg newcomer to frustrating results (i.e. invoking the
command without --output and --armor).

Attached, a reworded/expanded explanation for --export , --export-secret-keys
and --export-secret-subkeys

Gpg version: 1.4.12



Event Timeline

f-a set Version to 1.4.12.
f-a added a subscriber: f-a.

I improved the description in GIT master. This will be used for all
new releases. For 2.1 it reads:


              Same as --export, but exports the secret keys instead.
              The exported keys are written to STDOUT or to the file
              given with option --output.  This command is often used
              along with the option --armor to allow easy printing of
              the key for paper backup; however the external tool
              paperkey does a better job for creating backups on
              paper.  Note that exporting a secret key can be a
              security risk if the exported keys are send over an
              insecure channel.

              The second form of the command has the special property
              to render the secret part of the primary key useless;
              this is a GNU extension to OpenPGP and other
              implementations can not be expected to successfully
              import such a key.  Its intended use is to generated a
              full key with an additional signing subkey on a
              dedicated machine and then using this command to export
              the key without the primary key to the main machine.

              GnuPG may ask you to enter the passphrase for the key.
              This is required because the internal protection method
              of the secret key is different from the one specified
              in the OpenPGP protocol.


werner claimed this task.