gnupg and subkeys

David Shaw
Wed Jan 8 20:24:02 2003

On Wed, Jan 08, 2003 at 07:54:49PM +0100, Werner Koch wrote:
> On 08 Jan 2003 15:06:46 +0100, Adrian 'Dagurashibanipal' von Bidder said:
> > When I have two secret keys differing in the subkeys (or in the presence
> > of the primary), gpg can't import both secret keys to produce one merged
> > secret key. After the first secret key import, it will always say
> You mean you already have a secret key with a dummy primary one
> (created using --export-secret-subkeys) and then you try to import the
> the full secret key.  This is indeed poossible.  The workaround is to
> delete the existing key first.  It does not make much sense to merge
> secret keys because we assume that you always know where your most
> recent and up to date secret key is stored.

I think what he means is:

Given secret key A, with subkeys A1 and A2, if you import "A+A1", you
can not then import "A+A2" to create "A+A1+A2".  You can only do that
with public keys.  For secret keys, you need to use gpgsplit and
manually assemble "A+A1+A2" for import.


   David Shaw  |  |  WWW
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson