Import of GPG secret keys with offline primaries fails
Categories
(MailNews Core :: Security: OpenPGP, enhancement)
Tracking
(Not tracked)
People
(Reporter: o.mandel, Unassigned)
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:82.0) Gecko/20100101 Firefox/82.0
Steps to reproduce:
- Export the key to a file:
gpg --armor --output key.gpg.asc --export-secret-keys first@last.name
- Start Thunderbird (78.4.0)
- Thunderbird Menu: Tools -> OpenPGP Key Manager
- Key Manager Menu: Import Secret Key from file
- Selected file, click continue
- Enter passphrase in prompt
Actual results:
The "Passphrase required" dialog is shown again (and again and again). Entering the correct passphrase does not work and there is no explanation why.
Expected results:
Either: show a detailed explanation why the import fails. As it is, the user must think they got the wrong password or something. For this solution, the ticket would be a bug report.
Or (preferred): support secret keys with offline primary keys: effectively only the secret keys of the subkeys are present. For this solution, the ticket is a feature-request.
Such keys can be generated for improved security where only the secrets of the subkeys for day-to-day functionality are on a machine and the all-important primary key secret is on a different machine. Example (note the sec# and the extra ssb for signing):
$ gpg --list-secret-keys first@last.name
sec# rsa4096 2013-07-31 [SC]
000102030405060708090A0B0C0D0E0F10111213
uid [ultimate] First Last <first@last.name>
ssb rsa4096 2013-07-31 [E]
ssb rsa4096 2013-07-31 [S]
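The check below is an added example, not part of the original report: it reads gpg's machine-readable listing (`--with-colons`) and reports, per key, whether the primary secret is only a stub (the `sec#` case above) and which capabilities the usable subkeys provide. The function names and the sample listing are constructed for illustration; the parsing relies on field 15 of `sec`/`ssb` records being `#` when the secret part is a stub.

```shell
#!/bin/sh
# Classify each secret key in `gpg --with-colons` output read from stdin.
# Output per key: <primary fingerprint> <offline|present> <caps of usable subkeys>
classify_secret_keys() {
  awk -F: '
    function emit() {
      if (fpr != "") print fpr, (stub ? "offline" : "present"), (caps == "" ? "-" : caps)
    }
    # New primary key record: field 15 is "#" when only a stub is stored.
    $1 == "sec" { emit(); fpr = ""; caps = ""; stub = ($15 == "#"); want_fpr = 1; next }
    # The first fpr record after sec carries the primary fingerprint (field 10).
    $1 == "fpr" && want_fpr { fpr = $10; want_fpr = 0; next }
    # Subkey record: collect capabilities (field 12) only if its secret is present.
    $1 == "ssb" { if ($15 != "#") caps = caps $12; next }
    END { emit() }
  '
}

# Constructed sample mirroring the listing in the report (offline primary,
# one encryption and one signing subkey). Key IDs of the subkeys are made up.
sample_listing() {
  cat <<'EOF'
sec:u:4096:1:0C0D0E0F10111213:1375228800:::u:::scESC:::#:::23::0:
fpr:::::::::000102030405060708090A0B0C0D0E0F10111213:
uid:u::::1375228800::0000000000000000000000000000000000000000::First Last <first@last.name>::::::::::0:
ssb:u:4096:1:AAAAAAAAAAAAAAAA:1375228800::::::e:::+:::23:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1375228800::::::s:::+:::23:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB:
EOF
}

# Against a real keyring:
#   gpg --list-secret-keys --with-colons first@last.name | classify_secret_keys
sample_listing | classify_secret_keys
```

A result of `offline` means an export made with `--export-secret-keys` contains no primary secret, which is the situation in which the import described above keeps prompting for the passphrase.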
Comment 1•4 years ago
duplicate of bug 1654893?
Comment 2•4 years ago
I think so. That bug has some workaround instructions as well.