gnupg and subkeys

Adrian 'Dagurashibanipal' von Bidder
Wed Jan 8 21:36:01 2003

On Wed, 2003-01-08 at 20:58, Werner Koch wrote:
> On Wed, 8 Jan 2003 14:24:46 -0500, David Shaw said:
> > Given secret key A, with subkeys A1 and A2, if you import "A+A1", you
> > can not then import "A+A2" to create "A+A1+A2".  You can only do that
> > with public keys.  For secret keys, you need to use gpgsplit and
> > manually assemble "A+A1+A2" for import.


> Should we really fix this?  This requires a complex secret key
> management and thus it is insecure.  There is nothing you gain from
> splitting your secret keyparts to several files.  I think it is far
> better to have just one master copy with the key and export the
> subkeys you require.

For me, it's not urgent. I do indeed have a complete master key - and I
warn about this issue in my subkeys HOWTO.

> An enhanced --export-secret-subkeys command where you can specify
> which subkeys to export would indeed be useful.

Looking forward to it, then :-)

(Sorry, no, I won't be coding this myself.)

-- vbi

this email is protected by a digital signature:
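
The manual split-and-reassemble step David Shaw describes in the quoted text ("A+A1" and "A+A2" into "A+A1+A2"), as an added example that is not part of the original message and is not GnuPG or gpgsplit code. It assumes binary (non-armored) exports whose primary key packets are byte-identical; `split_packets`, `merge_secret_exports` and `make_packet` are hypothetical names, and the sample packets are constructed dummies, not key material.

```python
SECRET_KEY, SECRET_SUBKEY = 5, 7  # OpenPGP packet tags (RFC 4880)
def split_packets(data):
    """Split a binary (non-armored) export into (tag, raw_packet) pairs."""
    packets, i = [], 0
    while i < len(data):
        start, first = i, data[i]
        if not first & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if first & 0x40:  # new-format header
            tag, o1 = first & 0x3F, data[i + 1]
            if o1 < 192:
                length, i = o1, i + 2
            elif o1 < 224:
                length, i = ((o1 - 192) << 8) + data[i + 2] + 192, i + 3
            else:
                raise ValueError("partial or five-octet length not handled")
        else:  # old-format header: low two bits select the length size
            tag, n = (first >> 2) & 0x0F, 1 << (first & 0x03)
            if n == 8:
                raise ValueError("indeterminate length not handled")
            length, i = int.from_bytes(data[i + 1:i + 1 + n], "big"), i + 1 + n
        i += length
        if i > len(data):
            raise ValueError("truncated packet")
        packets.append((tag, data[start:i]))
    return packets

def merge_secret_exports(*exports):
    """Primary part of the first export plus every distinct subkey group."""
    head, groups, seen = None, [], set()
    for data in exports:
        pkts = split_packets(data)
        if not pkts or pkts[0][0] != SECRET_KEY:
            raise ValueError("export must start with a secret key packet")
        cuts = [k for k, (t, _) in enumerate(pkts) if t == SECRET_SUBKEY] + [len(pkts)]
        if head is None:
            head = pkts[:cuts[0]]  # primary key, user IDs, self-signatures
        elif pkts[0][1] != head[0][1]:
            raise ValueError("exports have different primary key packets")
        for a, b in zip(cuts, cuts[1:]):
            if pkts[a][1] not in seen:  # subkey packet plus its binding sigs
                seen.add(pkts[a][1])
                groups.extend(pkts[a:b])
    return b"".join(raw for _, raw in head + groups)

def make_packet(tag, body):  # constructed old-format packet with a dummy body
    return bytes([0x80 | tag << 2, len(body)]) + body
A_A1 = make_packet(5, b"A") + make_packet(13, b"uid") + make_packet(7, b"A1") + make_packet(2, b"s1")
A_A2 = make_packet(5, b"A") + make_packet(13, b"uid") + make_packet(7, b"A2") + make_packet(2, b"s2")
```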