When sending the EXPORT_KEY command to gpg-agent, if gpg-agent encounters a "protected" secret key, it needs to prompt the user to decrypt it. It does this with pinentry.
When it invokes pinentry, it sends:
OPTION allow-external-password-cache
(as it should).
However, it also sends:
SETKEYINFO --clear
though I think it should be sending
SETKEYINFO n/$KEYGRIP
(for whatever the $KEYGRIP should be).
As far as I can tell, the right fix for this is:
diff --git a/agent/command.c b/agent/command.c index 4839ffebf..ea6bfa91d 100644 --- a/agent/command.c +++ b/agent/command.c @@ -2320,7 +2320,7 @@ cmd_export_key (assuan_context_t ctx, char *line) the passphrase so that we can use it to re-encrypt it. */ err = agent_key_from_file (ctrl, cache_nonce, ctrl->server_local->keydesc, grip, - &shadow_info, CACHE_MODE_IGNORE, NULL, &s_skey, + &shadow_info, CACHE_MODE_NORMAL, NULL, &s_skey, openpgp ? &passphrase : NULL); if (err) goto leave;
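Review bot: the hunk changes more than the SETKEYINFO hint it is meant to fix; switching the cache mode in the agent_key_from_file call from CACHE_MODE_IGNORE to CACHE_MODE_NORMAL also lets the key's passphrase be served from the agent's passphrase cache on the EXPORT_KEY path, so an export of a protected key may proceed without a fresh pinentry prompt whenever a matching cache entry exists, and the change description should state that this is intended. Since the surrounding context says the passphrase is needed "so that we can use it to re-encrypt it" (the `openpgp ? &passphrase : NULL` argument), it is worth confirming that the cached-passphrase path returns the passphrase to the caller rather than only unlocking s_skey, otherwise the OpenPGP re-encryption case in this function fails; a short comment above the call explaining why CACHE_MODE_NORMAL is now correct here would help the next reader.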
This would have an effect on the agent-transfer component of monkeysphere, as discussed on the monkeysphere list.