exporting and importing some subkeys
David Shaw
dshaw at jabberwocky.com
Sun Jan 6 23:20:06 CET 2008
On Jan 2, 2008, at 7:41 AM, Bernhard Reiter wrote:
> With gnupg 2.0.7 (and 2.0.5):
>
> Given two machines with .gnupg having your secret key
> and doing "addkey" on one, I encountered a problem
> trying to transfer the new subkey to the other.
>
> gpg2 --export-secret-key ABCDEF >mykey
>
> worked even when ABCDEF is the fingerprint of my new subkey.
> gpg2 --import mykey
> tells me that the key is already in my keyring.
>
> gpg2 --list-secret-keys does not have the new subkey,
> so I guess the problem to be in the import.
>
> Am I missing something?
What you ended up with is two machines with copies of the same secret
key, but one of the machines had an extra subkey. The problem, as you
saw, is that GPG (both v1 and v2) don't yet support merging secret
keys. A merge is necessary (rather than a replacement) as there could
be new subkeys on both machines, and the user probably wants to keep
them all. ;)
As a workaround, if you know for sure that one machine has a superset
subkey-wise of the other, you can delete the secret key from the
subset machine and then import a copy from the superset machine.
David
More information about the Gnupg-devel
mailing list