gnupg and subkeys
Werner Koch
wk@gnupg.org
Wed Jan 8 21:00:02 2003
On Wed, 8 Jan 2003 14:24:46 -0500, David Shaw said:
> Given secret key A, with subkeys A1 and A2, if you import "A+A1", you
> can not then import "A+A2" to create "A+A1+A2". You can only do that
> with public keys. For secret keys, you need to use gpgsplit and
> manually assemble "A+A1+A2" for import.
Should we really fix this. This requires a complex secret key
management and thus it is insecure. There is nothing you gain from
splitting you secret keyparts to several files. I think it is far
better to have just one master copy with the key and export the
subkeys you require.
An enhanced --export-secret-subkeys command where you can specify
which subkeys to export would indeed be useful.
Shalom-Salam,
Werner