On 23/08/2017 23:59, Werner Koch wrote: > On Sun, 13 Aug 2017 08:17, dani...@grinta.net said: > >> Digging a bit more, it seems that the functionality got dropped because >> with GnuPG 2.x all key manipulations go through gpg-agent and it does >> not (yet?) support password reset on expert. > > Unfortunately this is still an open bug: > > https://dev.gnupg.org/T1753 > > we won't be able to fix it for 2.2.0 but given that it is marked as a > bug it can and should be fixed in the soon to be release 2.2 series.
As a work around I come up with this simple script, which has the sole problem of asking the secret subkey passphrase a few times too much, and to require to explicitly enter an empty passphrase. Let me know if it is excessively dummy or if there is a better way. Cheers, Daniele #!/bin/sh set -e KEY="$1" shift # make sure to have a "!" at the end of the key fingerprint to export # exclusively the corresponding subkey and not the primary key if [ "$KEY" == "${KEY%\!}" ] then KEY="$KEY"\! fi umask 0077 TMPDIR=$(mktemp -d) trap "rm -r $TMPDIR; exit" 0 1 2 3 15 gpg --export-secret-subkey "$KEY" | gpg --home $TMPDIR --import gpg --home $TMPDIR --change-passphrase "$KEY" gpg --home $TMPDIR --armor "$@" --export-secret-subkey "$KEY" _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users