gnupg and subkeys

Adrian 'Dagurashibanipal' von Bidder avbidder@fortytwo.ch
Tue Jan 7 21:03:05 2003


--=-UJNPVtwfiLvHPSXWTSdQ
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

[replies please only to one of the mailing lists]
Yo!

I have updated my document about multiple subkeys
(http://fortytwo.ch/subkeys) to gpg 1.2.1. There still are a few quirks,
mostly it's just that the user interface could be better:

 * subkey creation: should offer to expire the subkey at the same time
as the primary, if the primary has an expiry date set. (To discuss:
should gpg forbid (except with --expert) creating subkeys that live
longer than the primary?).
 * secret key merging: I'd consider this one a bug and not just a ui
inconvenience:
=3D=3D=3D=3D=3D=3D=3D=3D
avbidder@altfrangg:~/tmp$ gpg --list-secret-key testuser
sec# 1024D/971B7A70 2003-01-03 testuser (test key - do not use!) <testuser@=
fortytwo.ch>
ssb  1024g/ACDF80C4 2003-01-03
ssb  1024R/BE9CA308 2003-01-07

avbidder@altfrangg:~/tmp$ gpg --import testuser.s=20
gpg: key 971B7A70: already in secret keyring
gpg: Total number processed: 1
gpg:       secret keys read: 1
gpg:  secret keys unchanged: 1
avbidder@altfrangg:~/tmp$ gpg --list-secret-key testuser  =20
sec# 1024D/971B7A70 2003-01-03 testuser (test key - do not use!) <testuser@=
fortytwo.ch>
ssb  1024g/ACDF80C4 2003-01-03
ssb  1024R/BE9CA308 2003-01-07

=3D=3D=3D=3D=3D=3D=3D=3D
where testuser.c is the crippled and testuser.s the full secret key.
 * subkey eyports: (ok, this one is really just a whishlist item): Much
shuffling around with exported keys and re-importing them could be
avoided if the above bug was fixed and=20
$ gpg --export-secret-[sub]key <subkeyid>!=20
would export a stripped down version of the secret key containing only
the primary [dummy] key and the specified subkey.

So long...
-- vbi

--=20
get my gpg key here: http://fortytwo.ch/gpg/92082481

--=-UJNPVtwfiLvHPSXWTSdQ
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iHMEABECADMFAj4bMq0sGmh0dHA6Ly9mb3J0eXR3by5jaC9sZWdhbC9ncGcvZW1h
aWwuMjAwMjA4MjIACgkQi6Qxi+Wn99azFQCglgmogukO4xba3LYBs/MwkBn2eKAA
n3ySWO3Lv9rpFYuXrv4SWlWJnbeo
=YET/
-----END PGP SIGNATURE-----
Signature policy: http://fortytwo.ch/legal/gpg/email.20020822

--=-UJNPVtwfiLvHPSXWTSdQ--