gnupg and subkeys

Werner Koch
Wed Jan 8 21:00:02 2003

On Wed, 8 Jan 2003 14:24:46 -0500, David Shaw said:

> Given secret key A, with subkeys A1 and A2, if you import "A+A1", you
> can not then import "A+A2" to create "A+A1+A2".  You can only do that
> with public keys.  For secret keys, you need to use gpgsplit and
> manually assemble "A+A1+A2" for import.

Should we really fix this.  This requires a complex secret key
management and thus it is insecure.  There is nothing you gain from
splitting you secret keyparts to several files.  I think it is far
better to have just one master copy with the key and export the
subkeys you require.  

An enhanced --export-secret-subkeys command where you can specify
which subkeys to export would indeed be useful.