problem with exporting subkeys

David Shaw dshaw@jabberwocky.com
Thu Feb 28 16:44:01 2002


On Thu, Feb 28, 2002 at 03:50:15PM +0100, Janusz A. Urbanowicz wrote:
> David Shaw wrote/napisa?[a]/schrieb:
> > On Wed, Feb 27, 2002 at 06:17:59PM +0100, Janusz A. Urbanowicz wrote:
> > 
> > > First question: why ALL my secret keys in the packet? I supposed only
> > > subkeys would go there.
> > 
> > The structure of the secret primary key needs to still be there for
> > various things to work.  However, the secret parts of the key are
> > gone.  Compare the size of a --export-secret-key vs a
> > --export-secret-subkeys.
> 
> Ok. But is there a way to export a _single_ subkey? I definitely need such
> option. Specyfying subkey ID after --export-secret-subkeys exports all
> subkeys (tested).

The single subkey isn't usable without the primary key (or rather, the
primary key minus the secret parts of the key) attached, so exporting
just a subkey won't really be helpful.  One way to do it would be to
export the key with all subkeys and then --edit-key and "delkey" the
subkeys you don't want.

> > > Second question: why GPG chokes on it?
> > 
> > Judging from the listing you posted, it seems you did
> > --export-secret-subkeys on a v3 key (mixed in with your v4 keys).  V3
> > keys do not work with --export-secret-subkeys, and in fact cause the
> > resulting file to be unusable.
> 
> 'I' didn't do --export-secret-subkeys od na v3 key. What I did was to use
> --export-secret-subkeys without a parameter which, I assumed, would export
> only subkeys, thus not affecting a legacy v3 key without one.

That's the way it works now.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson