Is the key acquired from running gpg --export-secret-key encrypted or cleartext?

How to share one PGP key on multiple machines details how to export your gpg secret key into a file with gpg --export-secret-key -a > secretkey.asc. What the answer does not state is whether the keyfile created is encrypted with your pass-phrase or clear-text.

Is the key-file encrypted or not?

1 Answer

When you import a key created by the --export-secret-key option, you get both the public & private keys; however, just like before you'll need the passphrase in order to use the private key. This is shown in the fact that you do not need your passphrase to run gpg --export-secret-key -a, and therefore the secret key never gets decrypted.

Personally, I would make sure to encrypt such an exported key again (perhaps symmetrically, with a long unique passphrase) if I was transporting or storing it.

2

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

You Might Also Like