Page MenuHome GnuPG
Create Task
Maniphest T5755

Kleopatra: Export secret subkeys
Closed, ResolvedPublic
Actions

Description

In the more details subkey view I would like to have another action for subkeys with secret -> Export to file

Which would open a save file dialog with .asc file filter for a subkey. The filename should be talkative like the suggessted file name for secret key exports like "Bernd_Brot_0xDEADBEEF_Encrypt.asc" With the difference to the secret key export the added usage in the end.

Revisions and Commits

rKLEOPATRA Kleopatra
rKLEOPATRAfa6ff398912a Tell the command that it's finished
rKLEOPATRAb82492b44a0c Handle canceling of secret subkey export
rKLEOPATRA0d99e3324945 Fix error message and show success message
rKLEOPATRAbe741531cf8b Deprecate the old ExportSecretKeyCommand
rKLEOPATRA9c0468ebaa10 Add new implementation of ExportSecretKeyCommand
rKLEOPATRA84b3b92460b2 Remove unused public c'tors and member functions
rKLEOPATRA0c8a90d4e662 Add export of secret subkeys

Related Objects
Search...

StatusAssignedTask
Unknown Object (Maniphest Task)
 Resolved aheineckeT5755 Kleopatra: Export secret subkeys
Unknown Object (Maniphest Task)
Unknown Object (Maniphest Task)

Event Timeline

aheinecke triaged this task as Normal priority.Jan 3 2022, 10:26 AM
aheinecke created this task.
aheinecke created this object in space Restricted Space.
ikloecker added a project: Restricted Project.Jan 3 2022, 11:59 AM
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ikloecker added a commit: rKLEOPATRA0c8a90d4e662: Add export of secret subkeys.Jan 6 2022, 3:29 PM
ikloecker added a commit: rKLEOPATRA84b3b92460b2: Remove unused public c'tors and member functions.Jan 10 2022, 12:39 PM
ikloecker added a commit: rKLEOPATRAbe741531cf8b: Deprecate the old ExportSecretKeyCommand.
ikloecker added a commit: rKLEOPATRA9c0468ebaa10: Add new implementation of ExportSecretKeyCommand.
ikloecker closed subtask Unknown Object (Maniphest Task) as Resolved.Jan 10 2022, 1:57 PM
ikloecker closed subtask Unknown Object (Maniphest Task) as Resolved.
ikloecker added a commit: rKLEOPATRA0d99e3324945: Fix error message and show success message.Jan 10 2022, 2:12 PM
ikloecker changed the task status from Open to Testing.Jan 27 2022, 10:44 AM
ikloecker removed ikloecker as the assignee of this task.
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ebo closed this task as Resolved.Nov 30 2022, 12:38 PM
ebo claimed this task.
ebo added a subscriber: ebo.

works

ebo moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.Apr 5 2023, 2:57 PM
aheinecke reopened this task as Open.Jul 4 2023, 1:29 PM

This has a serious usability issue. If you cancel the password entry when exporting it reports success and creates an apparently valid secret key file but without the subkey you intended to export. So worst case the user thinks he has a backup but instead has no backup :/

Exported with cancelling the password question:

berta.boss@demo.gnupg.com_0x7243F72E_SECRET_SUBKEY_0x6607DA6E_Verschlüsseln.asc977 BDownload

# off=0 ctb=95 tag=5 hlen=3 plen=277
:secret key packet:
        version 4, algo 1, created 1557992709, expires 0
        pkey[0]: [2048 bits]
        pkey[1]: [17 bits]
        gnu-dummy, algo: 0, simple checksum, hash: 0
        protect IV: 
        keyid: EE77B3D57243F72E
# off=280 ctb=b4 tag=13 hlen=2 plen=25
:user ID packet: "berta.boss@demo.gnupg.com"
# off=307 ctb=89 tag=2 hlen=3 plen=337
:signature packet: algo 1, keyid EE77B3D57243F72E
        version 4, created 1557992709, md5len 0, sigclass 0x13
        digest algo 8, begin of digest f7 50
        hashed subpkt 33 len 21 (issuer fpr v4 DC0B670A715728F0F8CCA76DEE77B3D57243F72E)
        hashed subpkt 2 len 4 (sig created 2019-05-16)
        hashed subpkt 27 len 1 (key flags: 03)
        hashed subpkt 11 len 4 (pref-sym-algos: 9 8 7 2)
        hashed subpkt 34 len 1 (pref-aead-algos: 2)
        hashed subpkt 21 len 5 (pref-hash-algos: 10 9 8 11 2)
        hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
        hashed subpkt 30 len 1 (features: 07)
        hashed subpkt 23 len 1 (keyserver preferences: 80)
        subpkt 16 len 8 (issuer key ID EE77B3D57243F72E)
        data: [2045 bits]

berta.boss@demo.gnupg.com_0x7243F72E_SECRET_SUBKEY_0x6607DA6E_Verschlüsseln_with_pass.asc2 KBDownload

# off=0 ctb=95 tag=5 hlen=3 plen=277
:secret key packet:
        version 4, algo 1, created 1557992709, expires 0
        pkey[0]: [2048 bits]
        pkey[1]: [17 bits]
        gnu-dummy, algo: 0, simple checksum, hash: 0
        protect IV: 
        keyid: EE77B3D57243F72E
# off=280 ctb=b4 tag=13 hlen=2 plen=25
:user ID packet: "berta.boss@demo.gnupg.com"
# off=307 ctb=89 tag=2 hlen=3 plen=337
:signature packet: algo 1, keyid EE77B3D57243F72E
        version 4, created 1557992709, md5len 0, sigclass 0x13
        digest algo 8, begin of digest f7 50
        hashed subpkt 33 len 21 (issuer fpr v4 DC0B670A715728F0F8CCA76DEE77B3D57243F72E)
        hashed subpkt 2 len 4 (sig created 2019-05-16)
        hashed subpkt 27 len 1 (key flags: 03)
        hashed subpkt 11 len 4 (pref-sym-algos: 9 8 7 2)
        hashed subpkt 34 len 1 (pref-aead-algos: 2)
        hashed subpkt 21 len 5 (pref-hash-algos: 10 9 8 11 2)
        hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
        hashed subpkt 30 len 1 (features: 07)
        hashed subpkt 23 len 1 (keyserver preferences: 80)
        subpkt 16 len 8 (issuer key ID EE77B3D57243F72E)
        data: [2045 bits]
# off=647 ctb=9d tag=7 hlen=3 plen=966
:secret sub key packet:
        version 4, algo 1, created 1557992709, expires 0
        pkey[0]: [2048 bits]
        pkey[1]: [17 bits]
        iter+salt S2K, algo: 7, SHA1 protection, hash: 2, salt: DF22B12B3A0F2DA5
        protect count: 7864320 (206)
        protect IV:  97 82 db f5 98 3f 2c 2c dd 26 15 2f da 77 6c c3
        skey[2]: [v4 protected]
        keyid: B47052506607DA6E
# off=1616 ctb=89 tag=2 hlen=3 plen=310
:signature packet: algo 1, keyid EE77B3D57243F72E
        version 4, created 1557992709, md5len 0, sigclass 0x18
        digest algo 8, begin of digest c2 3a
        hashed subpkt 33 len 21 (issuer fpr v4 DC0B670A715728F0F8CCA76DEE77B3D57243F72E)
        hashed subpkt 2 len 4 (sig created 2019-05-16)
        hashed subpkt 27 len 1 (key flags: 0C)
        subpkt 16 len 8 (issuer key ID EE77B3D57243F72E)
        data: [2046 bits]
aheinecke reassigned this task from ebo to ikloecker.Jul 4 2023, 1:36 PM
aheinecke shifted this object from the Restricted Space space to the S1 Public space.Jul 4 2023, 1:41 PM
aheinecke removed a project: g10code.
aheinecke moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ikloecker added a comment.Jul 5 2023, 10:57 AM

I cannot reproduce the problem with Cancel. When I try this, I get the error "The result of the export is empty." and nothing is written to disk. I'm using GnuPG 2.4.

Anyway, handling of cancel was indeed missing.

ikloecker added a commit: rKLEOPATRAb82492b44a0c: Handle canceling of secret subkey export.Jul 5 2023, 10:58 AM
aheinecke added a comment.Jul 5 2023, 11:20 AM
In T5755#172514, @ikloecker wrote:

I cannot reproduce the problem with Cancel. When I try this, I get the error "The result of the export is empty." and nothing is written to disk. I'm using GnuPG 2.4.

Anyway, handling of cancel was indeed missing.

No, its about right clicking the encryption subkey in the more details window. For a normal secret key export I get the same results as you.

ikloecker changed the task status from Open to Testing.Jul 5 2023, 1:36 PM
ikloecker removed ikloecker as the assignee of this task.
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.

Of course, it's about right clicking the encryption subkey. That's what I tested. Anyway, cancel wasn't handled properly. Now it is.

ikloecker added a comment.Jul 5 2023, 1:40 PM

gpg --export-secret-subkeys --armor 704769B8D5C15319A27C74BBB47052506607DA6E confirms that gpg 2.4.1-beta21 outputs nothing if the password entry is canceled.

aheinecke added a comment.Jul 5 2023, 3:02 PM

The original reporter mentioned that this only occurs when called from kleo. But let me recheck.

ikloecker added a commit: rKLEOPATRAfa6ff398912a: Tell the command that it's finished.Jul 5 2023, 3:09 PM
aheinecke closed this task as Resolved.Jul 5 2023, 3:15 PM
aheinecke claimed this task.

Tested and works now for me as expected. Thanks.

ikloecker added a comment.Jul 5 2023, 3:49 PM

It turned out that my pinentry reported "fully canceled" on Cancel (see T6491: Pinentry-Qt: Password prompt for each subkey if password change is cancelled) which made gpg output nothing.

ebo moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.Jul 24 2023, 2:13 PM