problem with exporting subkeys

disastry at disastry at
Thu Feb 28 20:03:01 CET 2002

Hash: RIPEMD160

David Shaw dshaw at wrote:
> David Shaw wrote/napisa?[a]/schrieb:
> > On Wed, Feb 27, 2002 at 06:17:59PM +0100, Janusz A. Urbanowicz wrote:
> > 
> > > First question: why ALL my secret keys in the packet? I supposed only
> > > subkeys would go there.
> > 
> > The structure of the secret primary key needs to still be there for
> > various things to work.  However, the secret parts of the key are
> > gone.  Compare the size of a --export-secret-key vs a
> > --export-secret-subkeys.
> Ok. But is there a way to export a _single_ subkey? I definitely need such
> option. Specyfying subkey ID after --export-secret-subkeys exports all
> subkeys (tested).

The single subkey isn't usable without the primary key (or rather, the
primary key minus the secret parts of the key) attached, so exporting
just a subkey won't really be helpful.

he did not asked for that.
- --export-secret-subkeys exports:  pubkey, fake seckey and all subkeys.
I think he asked how to export: pubkey, fake seckey and ONE SELECTED subkey.
well... beuckup the key, remove unwanted subkeys, do --export-secret-subkeys, restore key fom backup :)

besides the single subkey IS usable without the primary key - it can be promoted to key (see my other msg).

Disastry <----PGP plugins for Netscape and MDaemon
 ^----PGP 2.6.3ia-multi05 (supports IDEA, CAST5, BLOWFISH, TWOFISH,
      AES, 3DES ciphers and MD5, SHA1, RIPEMD160, SHA2 hashes)
Version: Netscape PGP half-Plugin 0.15 by Disastry / PGPsdk v1.7.1


More information about the Gnupg-devel mailing list