Creating a subkey from an existing key
Werner Koch
wk at gnupg.org
Mon Nov 7 09:55:26 CET 2011
Hi!
GPGSM has a way to create a self-signed certificate or a certificate
signing request using an existing key. This feature was missing from
GPG, thus I added it. If you use the *development version* of GnuPG
(GIT master), you may now add a subkey to your key using an already
existing key. This can be used to turn a key originally created for
X.509 into an OpenPGP subkey. You can also do all other kinds of useless
tricks. Example:

  $ gpg --expert --edit-key foo
  [...]
  gpg> addkey
  Please select what kind of key you want:
     (3) DSA (sign only)
     (4) RSA (sign only)
     (5) Elgamal (encrypt only)
     (6) RSA (encrypt only)
     (7) DSA (set your own capabilities)
     (8) RSA (set your own capabilities)
    (10) ECDSA (sign only)
    (11) ECDSA (set your own capabilities)
    (12) ECDH (encrypt only)
    (13) Existing key
  Your selection? 13
  Enter the keygrip: dddd
  Not a valid keygrip (expecting 40 hex digits)
  Enter the keygrip: 767FE23B5382793B50A27A282D9B87E44577EB69
  Possible actions for a DSA key: Sign Authenticate
  Current allowed actions: Sign
     (S) Toggle the sign capability
     (A) Toggle the authenticate capability
     (Q) Finished
  Your selection? q
  Please specify how long the key should be valid.
           0 = key does not expire
        <n>  = key expires in n days
        <n>w = key expires in n weeks
        <n>m = key expires in n months
        <n>y = key expires in n years
  Key is valid for? (0)
  Key does not expire at all
  Is this correct? (y/N) y
  Really create? (y/N) y
  pub [...]
  sub 1024D/12345678 created: 2011-11-07 expires: never usage: S
  [...]
  gpg> save

To see the keygrips of a key you may use the option --with-keygrip.
Extending this feature to the primary key is possible; I was merely too
lazy to implement it.
Shalom-Salam,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.
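
Added example, not part of the original message or of GnuPG's code: once an existing key can be attached as a subkey, the same key material may sit under several OpenPGP keys, so this sketch parses the output of `gpg --with-colons --with-keygrip --list-keys` and reports keygrips that occur more than once. The sample listing is constructed (only the keygrip 767FE23B... comes from the message), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# gpg rejects anything else: "Not a valid keygrip (expecting 40 hex digits)"
KEYGRIP_RE = re.compile(r"[0-9A-Fa-f]{40}")

# Constructed sample listing; key IDs, fingerprint and dates are made up.
SAMPLE = """\
pub:u:2048:1:1111111111111111:1320000000:::u:::scESC:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA1111111111111111:
grp:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:u::::1320000000::X::foo <foo@example.org>:
sub:u:1024:17:2222222212345678:1320656126::::::s:
grp:::::::::767FE23B5382793B50A27A282D9B87E44577EB69:
pub:u:2048:1:3333333333333333:1320000000:::u:::scESC:
grp:::::::::89ABCDEF0123456789ABCDEF0123456789ABCDEF:
sub:u:1024:17:4444444444444444:1320700000::::::s:
grp:::::::::767FE23B5382793B50A27A282D9B87E44577EB69:
"""

def is_valid_keygrip(text):
    """True if text is exactly 40 hex digits, the form gpg accepts."""
    return KEYGRIP_RE.fullmatch(text.strip()) is not None

def keygrips_by_key(colon_listing):
    """Return (record_type, key_id, keygrip) for each key or subkey record."""
    entries, current = [], None
    for line in colon_listing.splitlines():
        fields = line.split(":")
        if fields[0] in ("pub", "sub", "sec", "ssb"):
            current = (fields[0], fields[4])       # field 5 is the key ID
        elif fields[0] == "grp" and current and len(fields) > 9:
            grip = fields[9].upper()               # field 10 is the keygrip
            if is_valid_keygrip(grip):
                entries.append((current[0], current[1], grip))
            current = None                         # one grp per key record
    return entries

def shared_keygrips(entries):
    """Map each keygrip used by more than one record to those records."""
    seen = defaultdict(list)
    for record_type, key_id, grip in entries:
        seen[grip].append((record_type, key_id))
    return {grip: keys for grip, keys in seen.items() if len(keys) > 1}

if __name__ == "__main__":
    for grip, keys in shared_keygrips(keygrips_by_key(SAMPLE)).items():
        print(grip, "is used by", keys)
```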