gnupg and subkeys

Adrian 'Dagurashibanipal' von Bidder avbidder at fortytwo.ch
Tue Jan 7 21:03:02 CET 2003


[replies please only to one of the mailing lists]
Yo!

I have updated my document about multiple subkeys
(http://fortytwo.ch/subkeys) to gpg 1.2.1. There still are a few quirks,
mostly it's just that the user interface could be better:

 * subkey creation: should offer to expire the subkey at the same time
as the primary, if the primary has an expiry date set. (To discuss:
should gpg forbid (except with --expert) creating subkeys that live
longer than the primary?).
 * secret key merging: I'd consider this one a bug and not just a ui
inconvenience:
========
avbidder at altfrangg:~/tmp$ gpg --list-secret-key testuser
sec# 1024D/971B7A70 2003-01-03 testuser (test key - do not use!) <testuser at fortytwo.ch>
ssb  1024g/ACDF80C4 2003-01-03
ssb  1024R/BE9CA308 2003-01-07

avbidder at altfrangg:~/tmp$ gpg --import testuser.s 
gpg: key 971B7A70: already in secret keyring
gpg: Total number processed: 1
gpg:       secret keys read: 1
gpg:  secret keys unchanged: 1
avbidder at altfrangg:~/tmp$ gpg --list-secret-key testuser   
sec# 1024D/971B7A70 2003-01-03 testuser (test key - do not use!) <testuser at fortytwo.ch>
ssb  1024g/ACDF80C4 2003-01-03
ssb  1024R/BE9CA308 2003-01-07

========
where testuser.c is the crippled and testuser.s the full secret key.
 * subkey eyports: (ok, this one is really just a whishlist item): Much
shuffling around with exported keys and re-importing them could be
avoided if the above bug was fixed and 
$ gpg --export-secret-[sub]key <subkeyid>! 
would export a stripped down version of the secret key containing only
the primary [dummy] key and the specified subkey.

So long...
-- vbi

-- 
get my gpg key here: http://fortytwo.ch/gpg/92082481
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 320 bytes
Desc: This is a digitally signed message part
Url : /pipermail/attachments/20030107/251b4d19/attachment.bin


More information about the Gnupg-devel mailing list