18

I am trying to transfer my gpg secret keyring from gpg1 (1.4.21) to gpg2 (2.1.15) using

gpg2 --import ~/.gnupg/secring.gpg

gpg2 is asking for the passphrases of all the secret keys in the keyring.

Why would it require the passphrases at this stage (I should only have to supply them when using the keys) and how can I prevent this, i.e. import the keyring without supplying passphrases?

System is Arch Linux, kernel 4.7.6. Thanks.

0range
  • 780
  • 1
  • 8
  • 22

1 Answers1

22

The issue was explained here in the GnuPG bugtracker; I did not see that earlier today.

The solution is: 

gpg2 --batch --import ~/.gnupg/secring.gpg
0range
  • 780
  • 1
  • 8
  • 22
  • 5
    Thanks! I was doing exactly this on a headless server using shell redirection, e.g. `gpg2 --import < my-keys` and for unknown reasons this didn't show me any passphrase prompt at all, but only a cryptic `gpg: error building skey array: Inappropriate ioctl for device`. Hopefully googling that message will send people here from now on. – jlh Sep 29 '17 at 11:40
  • My slightly-different cryptic error message when running headless was `error sending to agent: Operation cancelled`. There are other answers out there citing this error message that recommend using `--batch`, but this answer is the only one I found that went the extra mile by linking to the root cause of why this workaround is necessary. – Rusty Shackleford Jul 30 '19 at 16:13
  • For anyone who gets the `Inappropriate ioctl for device` error, try `export GPG_TTY=$(tty)` per https://github.com/keybase/keybase-issues/issues/2798 then do the batch import – Doug Ayers Oct 22 '19 at 20:32