exporting and importing some subkeys

David Shaw dshaw at jabberwocky.com
Sun Jan 6 23:20:06 CET 2008


On Jan 2, 2008, at 7:41 AM, Bernhard Reiter wrote:

> With gnupg 2.0.7 (and 2.0.5):
>
> Given two machines with .gnupg having your secret key
> and doing "addkey" on one, I encountered a problem
> trying to transfer the new subkey to the other.
>
> gpg2 --export-secret-key  ABCDEF >mykey
>
> worked even when ABCDEF is the fingerprint of my new subkey.
> gpg2 --import mykey
> tells me that the key is already in my keyring.
>
> gpg2 --list-secret-keys does not have the new subkey,
> so I guess the problem to be in the import.
>
> Am I missing something?

What you ended up with is two machines with copies of the same secret  
key, but one of the machines had an extra subkey.  The problem, as you  
saw, is that GPG (both v1 and v2) don't yet support merging secret  
keys.  A merge is necessary (rather than a replacement) as there could  
be new subkeys on both machines, and the user probably wants to keep  
them all. ;)

As a workaround, if you know for sure that one machine has a superset  
subkey-wise of the other, you can delete the secret key from the  
subset machine and then import a copy from the superset machine.

David



More information about the Gnupg-devel mailing list