making use of ssh.

@item Exporting a secret key without a certificate

It may happen that you have created a certificate request using
@command{gpgsm} but not yet received and imported the certificate from
the CA. However, you want to export the secret key to another machine
right now, so that you can import the certificate there later. You can
do this with a little trick but it requires that you know the approximate
time you created the signing request. By running the command

@example
ls -ltr ~/.gnupg/private-keys-v1.d
@end example

you get a listing of all private keys under control of @command{gpg-agent}.
Pick the key which best matches the creation time and run the command

@example
/usr/local/libexec/gpg-protect-tool --p12-export ~/.gnupg/private-keys-v1.d/@var{foo} >@var{foo}.p12
@end example

(Please adjust the path to @command{gpg-protect-tool} to the appropriate
location). @var{foo} is the name of the key file you picked (it should
have the suffix @file{.key}). A Pinentry box will pop up and ask you
for the current passphrase of the key and a new passphrase to protect it

To import the created file on the other machine, use this command:

@example
/usr/local/libexec/gpg-protect-tool --p12-import --store @var{foo}.p12
@end example

You will be asked for the pkcs#12 passphrase and a new passphrase to
protect the imported private key at its new location.

Note that there is no easy way to match existing certificates with
stored private keys because some private keys are used for Secure Shell
or other purposes and don't have a corresponding certificate.
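
An added example (not part of the GnuPG manual): instead of reading the @command{ls -ltr} listing by eye, this shell function ranks the @file{.key} files by how close their modification time is to the approximate time of the signing request. It assumes GNU @command{date} and @command{stat}; the function name @code{candidate_keys} and the 30 minute default window are hypothetical.

```shell
# Added example, not GnuPG code. Assumes GNU date(1) and stat(1).
# Prints the .key files in DIR whose modification time lies within
# WINDOW minutes of WHEN, closest match first.
#
# The modification time is only a proxy for the creation time: a file
# rewritten later will no longer match, so treat the result as a short
# list of candidates, not as proof of which key belongs to the request.
candidate_keys() {
    dir=$1            # e.g. ~/.gnupg/private-keys-v1.d
    when=$2           # approximate request time, any format "date -d" accepts
    window=${3:-30}   # minutes allowed either side of WHEN

    target=$(date -d "$when" +%s) || return 2
    lo=$((target - window * 60))
    hi=$((target + window * 60))

    for f in "$dir"/*.key; do
        # Skip the literal pattern when nothing matches, and non-files.
        [ -f "$f" ] || continue
        m=$(stat -c %Y "$f") || continue
        if [ "$m" -ge "$lo" ] && [ "$m" -le "$hi" ]; then
            delta=$((m - target))
            if [ "$delta" -lt 0 ]; then
                delta=$((0 - delta))
            fi
            # Prefix with the distance in seconds so sort can rank it.
            printf '%s %s\n' "$delta" "$f"
        fi
    done | sort -n | cut -d' ' -f2-
}
```

Called as @code{candidate_keys ~/.gnupg/private-keys-v1.d '2024-03-01 10:15' 30}, the first line printed is the file to pass to @command{gpg-protect-tool --p12-export}; an empty result means the window is too narrow or the time is wrong.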