On Fri, 18 Dec 2020 12:54, Annie Yousar said:

> The key is not encrypted with the passphrase, but with a secret key
> derived (by S2K) from the passphrase with the help of a
> salt. Therefore each export gives different export data, despite using
> the same passphrase.

That is because GnuPG internally stores the secret key in a different format than what is specified for the OpenPGP secret key exchange format. Thus in general we need to re-encrypt the secret key for export and thus a fresh salt is used.

Also not yet officially specified, it is also okay to export the internal format (those <40hexdigits>.key files). This is often useful if an encryption subkey needs to be shared between members of a team (role accounts etc.). Please take care if planning this because those key files may contain meta data (e.g. a description of the key) and the passphrase is not as strong as usual OpenPGP encryption. Thus convey only over a secure channel (i.e. with an additional encryption and authentication layer).

Salam-Shalom,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users