GNOME Bugzilla – Bug 159671
Export Secret Keys
Last modified: 2005-03-12 06:15:49 UTC
At present, when exporting a key, there is no indication of whether the public/secret key pair is being exported or just the public key. An option is needed in the export dialog box where the user can select to include the secret key along with the public key. Generally this would be left unchecked, and could be greyed out if the key being exported is not a public/secret key pair.
I looked at the possibility of exporting private keys while adding the backup keyring functionality. GPGME doesn't provide a method for doing so at this time, and judging from mailing list traffic, will not anytime soon. Currently the export menu selection has the same functionality as using gpg --export, which only exports public keys. If you want to export private keys, your only option at the moment is the backup keyring function which compresses your public and private keyrings into an archive of your choosing.
Yes, that's the case. However at some point, if the GPGME devs don't want to add it, we're going to have to push ahead with these features. Not a priority though.
Is there a point at which we should consider expanding GPGME ourselves?
I believe we've already started with the gpg options and keyserver code. I named the files and functions gpgmex_*. I need to consolidate what we have and make the API consistent before we add too much more, however.
Is the goal to eventually get these functions added to gpg or do they just make use of the gpg plugins?
Do you mean GPGME? I guess it's a balance. We should ask them to include the functionality, however they seem to be set on making GPGME the lowest common denominator between gpg and gpgsm (and handle both PGP and S/MIME keys equally), so I imagine certain features will not get in. But yes, that's a good idea, you could request this specific feature in GPGME and see what the response is. That would help us figure a course of action, no?
Yes, GPGME. I suppose my point is that we will be maintaining our own set of functionality that perhaps all programs that use GPGME would benefit from. I suppose I don't necessarily understand all of the aims/goals of GPGME, but I am agreed we need to figure out where we're going.
Any chance you could ask on the GPG lists about the secret key issue? That would give us some insight into where they're headed, and what's happening. The fact that they LGPL'd GPGME shows promise. I would, but I have my hands full with a million things at the moment.
Werner Koch of gpg-devel has made it clear that no allowance for exporting normal secret keys will be made in GPGME and those users with subkeys are advanced enough to use the command line to do such tasks.
I think we may need to provide an option in seahorse to do this. It is especially important for users of different operating systems to be able to transport their secret keys between machines. In lieu of this option, the 'un-advanced' user will create a second secret key, which is less than desirable.
The more I think about this, the more I don't see any difference between exporting their public keys that correspond to their private ones, copying their secret keyring, and then importing their pub keys and pasting their private ones. Am I missing something?
I guess people want to move keys between machines and OS's, and as such they'll need some way to get the secret key out.
Added support. Checked into CVS.
*** Bug 169774 has been marked as a duplicate of this bug. ***