gpg2 export-secret-key if no master key present

[Damien Goutte-Gattat]

On 12/13/2016 10:12 AM, Marat Stanichenko wrote:
Hello,

> Could you please elaborate what exactly is returned in the former and
> the latter cases?

In the former case (in the absence of the secret primary key), the 
--export-secret-keys command will still export a secret packet key 
corresponding to the missing key, but it will be marked as a "dummy key".

Try running the following command:

   $ gpg2 --list-packets secret-key

You should see (among other things) something like the following:

   :secret key packet:
           version 4 [...]
	  pkey[0]: [xxxx bits]
           pkey[1]: [xxxx bits]
           gnu-dummy S2K, algo: 0, simple checksum, hash: 0

The "gnu-dummy S2K" is the marker which will tell GnuPG that this file 
does *not* actually contain the secret key.


> What command one should run to get the private master key properly to
> save with paperkey afterwards?

I would just use

   $ gpg2 --homedir=/my/save/place --export-secret-keys | paperkey | lpr

(the last command "| lpr" would send the output directly to the printer).

This would export both the primary key and all the subkeys. If you want 
to save with paperkey only the primary key, specify its ID and append a 
'!' at the end:

   $ gpg2 --homedir=/my/save/place --export-secret-keys '0xABCDEF10!' \
     | paperkey | lpr


Hope that helps,

Damien

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20161213/8176ba32/attachment.sig>