So I spent many hours on this now and I hope someone can give me any useful input. I want to export an encrypted secret key from GPG (which lies in ~/.gnupg/private-keys-v1.d) but I do not have the passphrase. So the normal gpg --armor --export-secret-keys <name> does not work for me. My goal is to get that encrypted private key into the armored OpenPGP format (while still being encrypted).

Just a change of format without any decryption happening.

So I dove into the RFC 4880 standard to understand how the packet structure works but that doesn't lead me anywhere.

I hope this is understandable.

Is it even possible to do this manually or is the key decrypted and reencrypted a different way during gpg's export function?

xyzabc123
  • Yes, in a GnuPG that uses private-keys-v1.d (definitely 2.2 up, I think but can't confirm 2.1) the keys are encrypted _and formatted_ differently than RFC4880 (OpenPGP), thus for export must be decrypted (unless already cached in the agent), re-formatted, and re-encrypted. See https://security.stackexchange.com/questions/230450/generating-multiple-gpg-private-keys-for-provenance . – dave_thompson_085 Apr 06 '22 at 03:15
  • Yes, that's what I thought, fuuuck.. I am sitting at a CTF right now and really thought it was possible lol. Thank you so much for confirming it is not! – xyzabc123 Apr 06 '22 at 14:49

0 Answers
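Added example, not part of the original question or comments: a small inspector that shows the format difference the comment describes, telling a gpg-agent key file (assumed here to be a canonical S-expression, as written under private-keys-v1.d) apart from a binary RFC 4880 packet and reporting the agent's protection mode. The function names and both sample byte strings are constructed for illustration and contain no real key material.

```python
def parse_csexp(buf, pos=0):
    """Parse one canonical S-expression; return (value, next_pos)."""
    if buf[pos:pos + 1] == b"(":
        pos += 1
        items = []
        while buf[pos:pos + 1] != b")":
            item, pos = parse_csexp(buf, pos)
            items.append(item)
        return items, pos + 1
    colon = buf.index(b":", pos)          # atoms are "<len>:<bytes>"
    length = int(buf[pos:colon])
    start = colon + 1
    return buf[start:start + length], start + length

def find(node, name):
    """Depth-first search for the first list whose head atom is `name`."""
    if isinstance(node, list):
        if node and node[0] == name:
            return node
        for child in node:
            hit = find(child, name)
            if hit is not None:
                return hit
    return None

def describe_key_blob(buf):
    if buf[:1] == b"(":
        tree, _ = parse_csexp(buf)
        info = {"format": "gpg-agent s-expression", "type": tree[0].decode()}
        prot = find(tree, b"protected")
        if prot is not None:
            info["protection"] = prot[1].decode()  # agent-specific scheme name
        return info
    if buf and buf[0] & 0x80:
        # RFC 4880 section 4.2: bit 7 is always set, bit 6 marks new format
        b0 = buf[0]
        tag = b0 & 0x3F if b0 & 0x40 else (b0 >> 2) & 0x0F
        return {"format": "openpgp packet", "tag": tag}
    return {"format": "unknown"}

# Constructed sample in the agent's layout (placeholder salt, IV, ciphertext).
SAMPLE_AGENT = (
    b"(21:protected-private-key(3:rsa(1:n3:\x00\xc1\x01)(1:e3:\x01\x00\x01)"
    b"(9:protected25:openpgp-s2k3-sha1-aes-cbc"
    b"((4:sha18:SALTSALT8:65011712)16:IVIVIVIVIVIVIVIV)16:CIPHERTEXTBLOCK!)"
    b"(12:protected-at15:20200101T000000)))")
# Constructed header of an old-format Secret-Key packet (tag 5).
SAMPLE_OPENPGP = bytes([0x95, 0x01, 0xD8])

if __name__ == "__main__":
    print(describe_key_blob(SAMPLE_AGENT))
    print(describe_key_blob(SAMPLE_OPENPGP))
```

The agent file carries its own protection list inside the S-expression rather than an OpenPGP Secret-Key packet with S2K fields, which is why export has to go through decryption and re-encryption.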