Document how to "exchange the private key"
Closed, Resolved, Public


gnupg2.2.4 in gpgsm.texi has

@item --export-secret-key-p12 @var{key-id}
@opindex export-secret-key-p12
Export the private key and the certificate identified by @var{key-id} in
a PKCS#12 format. When used with the @code{--armor} option a few
informational lines are prepended to the output.  Note, that the PKCS#12
format is not very secure and this command is only provided if there is
no other way to exchange the private key. (@xref{option --p12-charset}.)

For readers, it would be good to point out how the mentioned exchange of the private key should work instead, and in a more secure way. I also haven't found a description for this in gpg.texi.

Use-cases are:

  • Want to move the pub- and privkeys to a second machine

I guess that for this use case, copying the relevant file from ~/.gnupg/private-keys-v1.d/ ($GNUPGHOME/private-keys-v1.d/) from one machine to the other shall work. Is this correct?
(Readers could profit from knowing how to identify the privkey file in that directory).
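
On identifying the file, as an added example that is not part of the original task description or of GnuPG's documentation: GnuPG 2.1 and later name each file in private-keys-v1.d after the key's keygrip, which `--with-colons` listings report in field 10 of the `grp` record. The function names and the sample listing below are constructed for illustration.

```shell
#!/bin/sh
# Added example: map secret keys to their files in private-keys-v1.d.
# Real input would come from, for example:
#   gpg   --with-colons --with-keygrip --list-secret-keys
#   gpgsm --with-colons --with-keygrip --list-secret-keys

# Read a colon listing on stdin and print one line per private key:
#   <record type> <fingerprint> <path of the key file>
# $1 is the GnuPG home directory (default: $GNUPGHOME or ~/.gnupg).
keyfiles_from_colons() {
    home=${1:-${GNUPGHOME:-$HOME/.gnupg}}
    awk -F: -v dir="$home/private-keys-v1.d" '
        # sec = primary secret key, ssb = secret subkey,
        # crs = X.509 certificate with private key (gpgsm)
        $1 == "sec" || $1 == "ssb" || $1 == "crs" { type = $1; fpr = ""; next }
        # the fingerprint record follows its key record
        $1 == "fpr" && type != "" && fpr == "" { fpr = $10; next }
        # the keygrip is 40 upper-case hex digits; skip anything else
        $1 == "grp" && type != "" {
            if (length($10) == 40 && $10 !~ /[^0-9A-F]/)
                print type, fpr, dir "/" $10 ".key"
            type = ""
        }
    '
}

# Constructed sample listing (not output from a real keyring).
sample_listing() {
    cat <<'EOF'
sec:u:255:22:AAAAAAAAAAAAAAAA:1518520800:::u:::scESC:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:
grp:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:u::::1518520800::::Example User <user@example.org>:
ssb:u:255:18:BBBBBBBBBBBBBBBB:1518520800::::::e:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB:
grp:::::::::89ABCDEF0123456789ABCDEF0123456789ABCDEF:
EOF
}

# Demonstration on the constructed listing.
sample_listing | keyfiles_from_colons
```

Copying these files to a second machine should go over an authenticated, encrypted channel, which is the transport security the resolution of this task refers to.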

bernhard updated the task description.
bernhard added a subscriber: werner.
werner triaged this task as Normal priority. Feb 13 2018, 12:20 PM
werner added a project: gnupg (gpg22).
werner closed this task as Resolved. Feb 22 2018, 10:31 AM
werner claimed this task.

I changed the wording to suggest the use of proper transport security.