security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-06-05 23:07:49 +02:00
Code Activity

doc: Improve the description of gpg's --export commands.

Browse Source 
--
GnuPG-bug-id: 1655
This commit is contained in:
Werner Koch 2014-06-24 12:21:54 +02:00
parent dce1dad23d
commit 6295b6675e
1 changed files with 25 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
doc/gpg.texi
View File

@ -408,8 +408,8 @@ removed first. In batch mode the key must be specified by fingerprint.
@opindex export @opindex export
Either export all keys from all keyrings (default keyrings and those Either export all keys from all keyrings (default keyrings and those
registered via option @option{--keyring}), or if at least one name is given, registered via option @option{--keyring}), or if at least one name is given,
those of the given name. The new keyring is written to STDOUT or to the those of the given name. The exported keys are written to STDOUT or to the
file given with option @option{--output}. Use together with file given with option @option{--output}. Use together with
@option{--armor} to mail those keys. @option{--armor} to mail those keys.
@item --send-keys @code{key IDs} @item --send-keys @code{key IDs}
@ -424,14 +424,30 @@ or changed by you. If no key IDs are given, @command{gpg} does nothing.
@itemx --export-secret-subkeys @itemx --export-secret-subkeys
@opindex export-secret-keys @opindex export-secret-keys
@opindex export-secret-subkeys @opindex export-secret-subkeys
Same as @option{--export}, but exports the secret keys instead. This is Same as @option{--export}, but exports the secret keys instead. The
normally not very useful and a security risk. The second form of the exported keys are written to STDOUT or to the file given with option
command has the special property to render the secret part of the @option{--output}. This command is often used along with the option
primary key useless; this is a GNU extension to OpenPGP and other @option{--armor} to allow easy printing of the key for paper backup;
implementations can not be expected to successfully import such a key. however the external tool @command{paperkey} does a better job for
creating backups on paper. Note that exporting a secret key can be a
security risk if the exported keys are send over an insecure channel.
The second form of the command has the special property to render the
secret part of the primary key useless; this is a GNU extension to
OpenPGP and other implementations can not be expected to successfully
import such a key. Its intended use is to generated a full key with
an additional signing subkey on a dedicated machine and then using
this command to export the key without the primary key to the main
machine.
@ifset gpgtwoone
GnuPG may ask you to enter the passphrase for the key. This is
required because the internal protection method of the secret key is
different from the one specified by the OpenPGP protocol.
@end ifset
@ifclear gpgtwoone @ifclear gpgtwoone
See the option @option{--simple-sk-checksum} if you want to import such See the option @option{--simple-sk-checksum} if you want to import an
an exported key with an older OpenPGP implementation. exported secret key into ancient OpenPGP implementations.
@end ifclear @end ifclear
@item --import @item --import