Stefan Monnier (12019-10-31):
> Not sure how the above relates to the following question, so maybe
> I misunderstand something.
If I can control exactly where GPG finds its files, I can copy the key
into a new directory and work from here, doing exactly what I want
without endangering the original.
> I'm not very knowledgeable in GPG, but AFAICT it only offers commands to
> export public keys, not private/secret keys.
    --export-secret-keys
    --export-secret-subkeys
           Same as --export, but exports the secret keys instead. The
           exported keys are written to STDOUT or to the file given with
           option --output.
But if the key is unprotected in the keyring, then it is exported as
unprotected. I want to keep it unprotected in the keyring but export it
protected.
Also, if anybody is about to suggest to add a pass phrase in the
keyring, export, then remove the pass phrase, do not: I already thought
of this solution, but changing the original is an unacceptable risk.
> So I think you're stuck
> with copying by hand the actual file that holds the private key
> (somewhere in ~/.gnupg) if you want to "export" it. Once you've done
> that, you can put it in "another-dir" with a similar structure and then
> use
>
> gpg --homedir ../another-dir --change-passphrase
>
> to change its passphrase.
That would be the idea. And for that, I need a KISS gpg, because current
gpg does not honor the homedir setting for private keys, because it uses
the agent instead. This is exactly the problem.
Regards,
--
Nicolas George