Export gpg to p12 under windows

windows encryption gnupg

9,047

I think you are using the wrong program; pgpsm is used to sign, check, encrypt or decrypt using the S/MIME protocol.

I do not have pgp4win at hand, but according to the man page, this should export your public and secret key:

gpg -o XXXXXXX_private.p12 --export [key id] --export-format pkcs12 --cert

The info on pkcs12 is the following,

pkcs12 Only binary blocks are output; the default file extension is .p12; a signed key must be paired; and input must match exactly one key. In this case, --cert is required.

so I included the --cert option, without reflection about that option:

--cert This option is the X.509 issuer long name or the 32-bit or 64-bit key ID, if the signing key is available.

I did some more tests (now with gpg4win), and partially have to contradict myself. The gpgsm tool in gpg4win describes itself as

gpgsm is a tool similar to gpg to provide digital encryption and sign- ing services on X.509 certificates and the CMS protocol. It is mainly used as a backend for S/MIME mail processing.

which indeed sounds correct.

So, your command posted in the question seems totally sensible, I only have two more clues:

You can try to use a ASCII armored output via the -a option
And there is an option concerning the charset of the exported key, which often is a problem with (especially older) windows programs:

--p12-charset name gpgsm uses the UTF-8 encoding when encoding passphrases for PKCS#12 files. This option may be used to force the passphrase to be encoded in the specified encoding name. This is useful if the application used to import the key uses a different encoding and thus will not be able to import a file generated by gpgsm. Commonly used values for name are Latin1 and CP850. Note that gpgsm itself automagically imports any file with a passphrase encoded to the most commonly used encodings.

9,047

Choumarin

Updated on September 18, 2022

Comments

Choumarin over 1 year
I'm using gpg4win and I'm trying to export my gpg private key to a p12 format (to import it in Lotus Notes). According to my understanding I need to:
```
gpgsm.exe -o "XXXXXXXX_private.p12" --export-secret-key-p12 0xXXXXXXXX
```
However, I'm getting the following error : "No secret Key" Actually, gpgsm -K does not return anything at all (where gpg -K works).

What am I missing ?
Choumarin almost 11 years

Ok I now get the difference between gpg and gpgsm, thanks. However, this command does not work '--export-key-pair' is not a valid option. I have tried --export but then it won't import in Lotus Notes (but the problem might be in Lotus Notes).
mpy almost 11 years

@Choumarin: Sorry, the gpg of gpg4win and the linux version seem to differ significantly. I updated my answer, but I have no possibility to test with Lotus.