Kleopatra: Export secret subkeys
Closed, Resolved (Public)

Description

In the more details subkey view I would like to have another action for subkeys with secret -> Export to file

Which would open a save file dialog with .asc file filter for a subkey. The filename should be talkative like the suggested file name for secret key exports, like "Bernd_Brot_0xDEADBEEF_Encrypt.asc", with the difference to the secret key export being the added usage at the end.

Related Objects

Status: Resolved
Assigned: aheinecke

Event Timeline

aheinecke triaged this task as Normal priority. Jan 3 2022, 10:26 AM
aheinecke created this task.
aheinecke created this object in space Restricted Space.
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ikloecker closed subtask Unknown Object (Maniphest Task) as Resolved. Jan 10 2022, 1:57 PM
ikloecker closed subtask Unknown Object (Maniphest Task) as Resolved.
ikloecker changed the task status from Open to Testing. Jan 27 2022, 10:44 AM
ikloecker removed ikloecker as the assignee of this task.
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ebo claimed this task.
ebo added a subscriber: ebo.

works

ebo moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board. Apr 5 2023, 2:57 PM

This has a serious usability issue. If you cancel the password entry when exporting it reports success and creates an apparently valid secret key file but without the subkey you intended to export. So worst case the user thinks he has a backup but instead has no backup :/

Exported with cancelling the password question:

# off=0 ctb=95 tag=5 hlen=3 plen=277
:secret key packet:
        version 4, algo 1, created 1557992709, expires 0
        pkey[0]: [2048 bits]
        pkey[1]: [17 bits]
        gnu-dummy, algo: 0, simple checksum, hash: 0
        protect IV: 
        keyid: EE77B3D57243F72E
# off=280 ctb=b4 tag=13 hlen=2 plen=25
:user ID packet: "berta.boss@demo.gnupg.com"
# off=307 ctb=89 tag=2 hlen=3 plen=337
:signature packet: algo 1, keyid EE77B3D57243F72E
        version 4, created 1557992709, md5len 0, sigclass 0x13
        digest algo 8, begin of digest f7 50
        hashed subpkt 33 len 21 (issuer fpr v4 DC0B670A715728F0F8CCA76DEE77B3D57243F72E)
        hashed subpkt 2 len 4 (sig created 2019-05-16)
        hashed subpkt 27 len 1 (key flags: 03)
        hashed subpkt 11 len 4 (pref-sym-algos: 9 8 7 2)
        hashed subpkt 34 len 1 (pref-aead-algos: 2)
        hashed subpkt 21 len 5 (pref-hash-algos: 10 9 8 11 2)
        hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
        hashed subpkt 30 len 1 (features: 07)
        hashed subpkt 23 len 1 (keyserver preferences: 80)
        subpkt 16 len 8 (issuer key ID EE77B3D57243F72E)
        data: [2045 bits]

# off=0 ctb=95 tag=5 hlen=3 plen=277
:secret key packet:
        version 4, algo 1, created 1557992709, expires 0
        pkey[0]: [2048 bits]
        pkey[1]: [17 bits]
        gnu-dummy, algo: 0, simple checksum, hash: 0
        protect IV: 
        keyid: EE77B3D57243F72E
# off=280 ctb=b4 tag=13 hlen=2 plen=25
:user ID packet: "berta.boss@demo.gnupg.com"
# off=307 ctb=89 tag=2 hlen=3 plen=337
:signature packet: algo 1, keyid EE77B3D57243F72E
        version 4, created 1557992709, md5len 0, sigclass 0x13
        digest algo 8, begin of digest f7 50
        hashed subpkt 33 len 21 (issuer fpr v4 DC0B670A715728F0F8CCA76DEE77B3D57243F72E)
        hashed subpkt 2 len 4 (sig created 2019-05-16)
        hashed subpkt 27 len 1 (key flags: 03)
        hashed subpkt 11 len 4 (pref-sym-algos: 9 8 7 2)
        hashed subpkt 34 len 1 (pref-aead-algos: 2)
        hashed subpkt 21 len 5 (pref-hash-algos: 10 9 8 11 2)
        hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
        hashed subpkt 30 len 1 (features: 07)
        hashed subpkt 23 len 1 (keyserver preferences: 80)
        subpkt 16 len 8 (issuer key ID EE77B3D57243F72E)
        data: [2045 bits]
# off=647 ctb=9d tag=7 hlen=3 plen=966
:secret sub key packet:
        version 4, algo 1, created 1557992709, expires 0
        pkey[0]: [2048 bits]
        pkey[1]: [17 bits]
        iter+salt S2K, algo: 7, SHA1 protection, hash: 2, salt: DF22B12B3A0F2DA5
        protect count: 7864320 (206)
        protect IV:  97 82 db f5 98 3f 2c 2c dd 26 15 2f da 77 6c c3
        skey[2]: [v4 protected]
        keyid: B47052506607DA6E
# off=1616 ctb=89 tag=2 hlen=3 plen=310
:signature packet: algo 1, keyid EE77B3D57243F72E
        version 4, created 1557992709, md5len 0, sigclass 0x18
        digest algo 8, begin of digest c2 3a
        hashed subpkt 33 len 21 (issuer fpr v4 DC0B670A715728F0F8CCA76DEE77B3D57243F72E)
        hashed subpkt 2 len 4 (sig created 2019-05-16)
        hashed subpkt 27 len 1 (key flags: 0C)
        subpkt 16 len 8 (issuer key ID EE77B3D57243F72E)
        data: [2046 bits]
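
A backup check for the failure mode reported above, as an added example that is not part of the original thread or of Kleopatra/GnuPG code: it parses a packet listing in the format shown in the two dumps (as printed by `gpg --list-packets`) and confirms that the intended secret subkey is really in the file. The function names are hypothetical, and the sample listings are abridged from the dumps in the comment.

```python
import re

# Abridged from the two packet listings in the comment above.
CANCELLED_EXPORT = """\
# off=0 ctb=95 tag=5 hlen=3 plen=277
:secret key packet:
        version 4, algo 1, created 1557992709, expires 0
        gnu-dummy, algo: 0, simple checksum, hash: 0
        keyid: EE77B3D57243F72E
# off=280 ctb=b4 tag=13 hlen=2 plen=25
:user ID packet: "berta.boss@demo.gnupg.com"
"""

COMPLETE_EXPORT = CANCELLED_EXPORT + """\
# off=647 ctb=9d tag=7 hlen=3 plen=966
:secret sub key packet:
        version 4, algo 1, created 1557992709, expires 0
        iter+salt S2K, algo: 7, SHA1 protection, hash: 2, salt: DF22B12B3A0F2DA5
        skey[2]: [v4 protected]
        keyid: B47052506607DA6E
"""


def parse_packets(listing):
    """Split a packet listing into (packet_type, [detail lines]) tuples."""
    packets = []
    for line in listing.splitlines():
        header = re.match(r":([A-Za-z ]+ packet):", line)
        if header:
            packets.append((header.group(1), []))
        elif packets and line.startswith((" ", "\t")):
            packets[-1][1].append(line.strip())
    return packets


def has_secret_subkey(listing, keyid):
    """True only if the subkey is present with real (non-stub) secret material."""
    for ptype, details in parse_packets(listing):
        if ptype != "secret sub key packet":
            continue
        if f"keyid: {keyid.upper()}" not in details:
            continue
        stub = any(d.startswith("gnu-dummy") for d in details)
        has_skey = any(d.startswith("skey[") for d in details)
        return has_skey and not stub
    return False
```

Running the check on the listing of a freshly written export file, before treating that file as a backup, catches the case where the export reported success but only the gnu-dummy primary key stub was written.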

aheinecke shifted this object from the Restricted Space space to the S1 Public space. Jul 4 2023, 1:41 PM
aheinecke removed a project: g10code.
aheinecke moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.

I cannot reproduce the problem with Cancel. When I try this, I get the error "The result of the export is empty." and nothing is written to disk. I'm using GnuPG 2.4.

Anyway, handling of cancel was indeed missing.

No, it's about right clicking the encryption subkey in the more details window. For a normal secret key export I get the same results as you.

ikloecker changed the task status from Open to Testing. Jul 5 2023, 1:36 PM
ikloecker removed ikloecker as the assignee of this task.
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.

Of course, it's about right clicking the encryption subkey. That's what I tested. Anyway, cancel wasn't handled properly. Now it is.

gpg --export-secret-subkeys --armor 704769B8D5C15319A27C74BBB47052506607DA6E confirms that gpg 2.4.1-beta21 outputs nothing if the password entry is canceled.

The original reporter mentioned that this only occurs when called from kleo. But let me recheck.

aheinecke claimed this task.

Tested and works now for me as expected. Thanks.

It turned out that my pinentry reported "fully canceled" on Cancel (see T6491: Pinentry-Qt: Password prompt for each subkey if password change is cancelled) which made gpg output nothing.

ebo moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board. Jul 24 2023, 2:13 PM