dda54cc851
* Drafts of instructions for exporting public and secret keys ready, along in addition to the code.
162 lines
5.1 KiB
XML
162 lines
5.1 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!DOCTYPE dita PUBLIC "-//OASIS//DTD DITA Composite//EN" "ditabase.dtd">
|
|
<dita xml:lang="en-GB">
|
|
<topic id="exporting-seckeys">
|
|
<title>Exporting Secret Keys</title>
|
|
<body>
|
|
<p>Exporting secret keys is, functionally, very similar to exporting public keys; save for the
|
|
invocation of <cmdname>pinentry</cmdname> via <cmdname>gpg-agent</cmdname> in order to
|
|
securely enter the key's passphrase and authorise the export.</p>
|
|
<p>The following example exports the secret key to a file which is then set with the same
|
|
permissions as the output files created by the command line secret key export options.</p>
|
|
<p>
|
|
<codeblock id="export-seckey-01" outputclass="language-python">import gpg
|
|
import os
|
|
import os.path
|
|
import sys
|
|
|
|
print("""
|
|
This script exports one or more secret keys.
|
|
|
|
The gpg-agent and pinentry are invoked to authorise the export.
|
|
""")
|
|
|
|
c = gpg.Context(armor=True)
|
|
|
|
if len(sys.argv) >= 4:
|
|
keyfile = sys.argv[1]
|
|
logrus = sys.argv[2]
|
|
homedir = sys.argv[3]
|
|
elif len(sys.argv) == 3:
|
|
keyfile = sys.argv[1]
|
|
logrus = sys.argv[2]
|
|
homedir = input("Enter the GPG configuration directory path (optional): ")
|
|
elif len(sys.argv) == 2:
|
|
keyfile = sys.argv[1]
|
|
logrus = input("Enter the UID matching the secret key(s) to export: ")
|
|
homedir = input("Enter the GPG configuration directory path (optional): ")
|
|
else:
|
|
keyfile = input("Enter the path and filename to save the secret key to: ")
|
|
logrus = input("Enter the UID matching the secret key(s) to export: ")
|
|
homedir = input("Enter the GPG configuration directory path (optional): ")
|
|
|
|
if homedir.startswith("~"):
|
|
if os.path.exists(os.path.expanduser(homedir)) is True:
|
|
c.home_dir = os.path.expanduser(homedir)
|
|
else:
|
|
pass
|
|
elif os.path.exists(homedir) is True:
|
|
c.home_dir = homedir
|
|
else:
|
|
pass
|
|
|
|
try:
|
|
result = c.key_export_secret(pattern=logrus)
|
|
except:
|
|
result = c.key_export_secret(pattern=None)
|
|
|
|
if result is not None:
|
|
with open(keyfile, "wb") as f:
|
|
f.write(result)
|
|
os.chmod(keyfile, 0o600)
|
|
else:
|
|
pass
|
|
</codeblock>
|
|
</p>
|
|
<p>Alternatively the approach of the following script can be used. This longer example saves
|
|
the exported secret key(s) in files in the GnuPG home directory, in addition to setting the
|
|
file permissions as only readable and writable by the user. It also exports the secret
|
|
key(s) twice in order to output both GPG binary (<codeph>.gpg</codeph>) and ASCII armoured
|
|
(<codeph>.asc</codeph>) files.</p>
|
|
<p>
|
|
<codeblock id="export-seckey-02" outputclass="language-python">import gpg
|
|
import os
|
|
import os.path
|
|
import subprocess
|
|
import sys
|
|
|
|
print("""
|
|
This script exports one or more secret keys as both ASCII armored and binary
|
|
file formats, saved in files within the user's GPG home directory.
|
|
|
|
The gpg-agent and pinentry are invoked to authorise the export.
|
|
""")
|
|
|
|
if sys.platform == "win32":
|
|
gpgconfcmd = "gpgconf.exe --list-dirs homedir"
|
|
else:
|
|
gpgconfcmd = "gpgconf --list-dirs homedir"
|
|
|
|
a = gpg.Context(armor=True)
|
|
b = gpg.Context()
|
|
c = gpg.Context()
|
|
|
|
if len(sys.argv) >= 4:
|
|
keyfile = sys.argv[1]
|
|
logrus = sys.argv[2]
|
|
homedir = sys.argv[3]
|
|
elif len(sys.argv) == 3:
|
|
keyfile = sys.argv[1]
|
|
logrus = sys.argv[2]
|
|
homedir = input("Enter the GPG configuration directory path (optional): ")
|
|
elif len(sys.argv) == 2:
|
|
keyfile = sys.argv[1]
|
|
logrus = input("Enter the UID matching the secret key(s) to export: ")
|
|
homedir = input("Enter the GPG configuration directory path (optional): ")
|
|
else:
|
|
keyfile = input("Enter the filename to save the secret key to: ")
|
|
logrus = input("Enter the UID matching the secret key(s) to export: ")
|
|
homedir = input("Enter the GPG configuration directory path (optional): ")
|
|
|
|
if homedir.startswith("~"):
|
|
if os.path.exists(os.path.expanduser(homedir)) is True:
|
|
c.home_dir = os.path.expanduser(homedir)
|
|
else:
|
|
pass
|
|
elif os.path.exists(homedir) is True:
|
|
c.home_dir = homedir
|
|
else:
|
|
pass
|
|
|
|
if c.home_dir is not None:
|
|
if c.home_dir.endswith("/"):
|
|
gpgfile = "{0}{1}.gpg".format(c.home_dir, keyfile)
|
|
ascfile = "{0}{1}.asc".format(c.home_dir, keyfile)
|
|
else:
|
|
gpgfile = "{0}/{1}.gpg".format(c.home_dir, keyfile)
|
|
ascfile = "{0}/{1}.asc".format(c.home_dir, keyfile)
|
|
else:
|
|
if os.path.exists(os.environ["GNUPGHOME"]) is True:
|
|
hd = os.environ["GNUPGHOME"]
|
|
else:
|
|
hd = subprocess.getoutput(gpgconfcmd)
|
|
gpgfile = "{0}/{1}.gpg".format(hd, keyfile)
|
|
ascfile = "{0}/{1}.asc".format(hd, keyfile)
|
|
|
|
try:
|
|
a_result = a.key_export_secret(pattern=logrus)
|
|
b_result = b.key_export_secret(pattern=logrus)
|
|
except:
|
|
a_result = a.key_export_secret(pattern=None)
|
|
b_result = b.key_export_secret(pattern=None)
|
|
|
|
if a_result is not None:
|
|
with open(ascfile, "wb") as f:
|
|
f.write(a_result)
|
|
os.chmod(ascfile, 0o600)
|
|
else:
|
|
pass
|
|
|
|
if b_result is not None:
|
|
with open(gpgfile, "wb") as f:
|
|
f.write(b_result)
|
|
os.chmod(gpgfile, 0o600)
|
|
else:
|
|
pass
|
|
</codeblock>
|
|
</p>
|
|
<p/>
|
|
</body>
|
|
</topic>
|
|
</dita>
|