Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Are exported private keys in GPG still encrypted?

Tags:

export

private-key

gnupg

Are the exported private keys gotten by executing gpg --export-secret-keys still encrypted and protected by their passphrase? This seems to be the case but I can't find anywhere that explicitly confirms this.

If the exported keys are still encrypted then is there anyway to get the pure, unencrypted private key (like you can for the public segment)?

like image 815
Matuku Avatar asked Apr 02 '12 17:04

Matuku

People also ask

Are GPG private keys encrypted?

To help safeguard your key, GnuPG does not store your raw private key on disk. Instead it encrypts it using a symmetric encryption algorithm. That is why you need a passphrase to access the key.

What is export private key?

A private key is exportable only when it is specified in the certificate request or certificate template that was used to create the certificate. Strong protection (also known as iteration count) is enabled by default in the Certificate Export Wizard when you export a certificate with its associated private key.

Where does GPG store private keys?

Types of GPG keys The private GPG keys are encrypted and stored in the secret keyring, and public keys are maintained with certificates attesting to their trustworthiness in the public keyring. You can use the public key for the data encryption, and that encrypted data will be decrypted using the Private key.

2 Answers

Exported secret keys are encrypted by default, however --export-options export-reset-subkey-passwd will produce an unprotected export:

When using the --export-secret-subkeys command, this option resets the passphrases for all exported subkeys to empty. This is useful when the exported subkey is to be used on an unattended machine where a passphrase doesn't necessarily make sense. Defaults to no.

like image 64
mshroyer Avatar answered Oct 13 '22 16:10

mshroyer

Are exported secret keys still protected by their passphrase? You could find the answer to this so easily by exporting and then importing a secret key.

GnuPG has no simple way to export a private key in the way you describe. I can only hope you have a good reason for wanting to do this, and that you're aware of how dangerous it is to let the bits and bytes of an unprotected private key touch a disk. That said, the only option I see is to remove the passphrase before exporting...

gpg --edit-key KEYID > passwd > *(Press Enter twice, i.e., use a blank passphrase)* > save

PS: This should be moved to Superuser; it's off-topic here.

like image 28
rsaw Avatar answered Oct 13 '22 14:10

rsaw
Sign in to Comment

Related questions

Export DataTable to Excel File
Firebase: export user accounts’ email and password hashes
Exporting data from SQL Server Express to CSV (need quoting and escaping)
Automatically maximize a figure
How to export all rows from Datatables using Ajax?
Using export keyword with templates
Freezing columns in EPPlus (an Excel split function)
Makefile variable initialization and export
Javascript: Exporting large text/csv file crashes Google Chrome
Error while running zipalign
Export MySQL data to Excel in PHP
Export Postgres Database into CSV file
JasperReports 5.6: JRXlsExporter.setParameter is deprecated
How do I use constants from a Perl module?
Can't export constant in Typescript
How to export database with data in MSSQL?
Generate a keystore for an Android app in the Export Android Application wizard?
How do I export html table data as .csv file?
How to resize images in org-mode
XSL: Avoid exporting namespace definitions to resulting XML documents

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!