gnupg and subkeys
Adrian 'Dagurashibanipal' von Bidder
avbidder@fortytwo.ch
Wed Jan 8 21:36:01 2003
On Wed, 2003-01-08 at 20:58, Werner Koch wrote:
> On Wed, 8 Jan 2003 14:24:46 -0500, David Shaw said:
>
> > Given secret key A, with subkeys A1 and A2, if you import "A+A1", you
> > can not then import "A+A2" to create "A+A1+A2". You can only do that
> > with public keys. For secret keys, you need to use gpgsplit and
> > manually assemble "A+A1+A2" for import.
Exactly.
> Should we really fix this? This requires a complex secret key
> management and thus it is insecure. There is nothing you gain from
> splitting your secret key parts to several files. I think it is far
> better to have just one master copy with the key and export the
> subkeys you require.
For me, it's not urgent. I do indeed have a complete master key - and I
warn about this issue in my subkeys HOWTO.
> An enhanced --export-secret-subkeys command where you can specify
> which subkeys to export would indeed be useful.
Looking forward to it, then :-)
(Sorry, no, I won't be coding this myself.)
cheers
-- vbi
-- 
this email is protected by a digital signature: http://fortytwo.ch/gpg
Signature policy: http://fortytwo.ch/legal/gpg/email.20020822
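The manual assembly of "A+A1+A2" that David Shaw describes above, sketched at the packet level as an added example (not code from this message or from GnuPG): each export is split into OpenPGP packets, as gpgsplit does, and the subkey groups that only the second export carries are appended to the first. The function names and the `_pkt` helper are hypothetical, the sample packets are constructed placeholder bytes rather than key material, and matching packets byte for byte is an assumption of this sketch.

```python
SECRET_KEY, SECRET_SUBKEY = 5, 7  # OpenPGP packet tags (RFC 4880)
def split_packets(data):
    """Split an OpenPGP byte stream into (tag, raw_packet) tuples, like gpgsplit."""
    packets, i = [], 0
    while i < len(data):
        start, first = i, data[i]
        if not first & 0x80:
            raise ValueError("no packet header at offset %d" % i)
        i += 1
        if first & 0x40:  # new-format header
            tag, o1 = first & 0x3F, data[i]
            if o1 < 192:
                length, i = o1, i + 1
            elif o1 < 224:
                length, i = ((o1 - 192) << 8) + data[i + 1] + 192, i + 2
            elif o1 == 255:
                length, i = int.from_bytes(data[i + 1:i + 5], "big"), i + 5
            else:
                raise ValueError("partial body lengths not handled")
        else:  # old-format header: low two bits select 1, 2 or 4 length octets
            tag, ltype = (first >> 2) & 0x0F, first & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not handled")
            n = 1 << ltype
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        if i + length > len(data):
            raise ValueError("truncated packet")
        i += length
        packets.append((tag, data[start:i]))
    return packets

def merge_secret_exports(first, second):
    """Return `first` plus each subkey group (subkey + signatures) only in `second`."""
    a, b = split_packets(first), split_packets(second)
    if not a or not b or a[0][0] != SECRET_KEY or a[0] != b[0]:
        raise ValueError("exports do not start with the same primary secret key")
    known = {raw for tag, raw in a if tag == SECRET_SUBKEY}  # assumption: byte-equal
    out, keep = [raw for _, raw in a], False
    for tag, raw in b[1:]:
        if tag == SECRET_SUBKEY:
            keep = raw not in known  # a subkey packet opens a new group
        if keep:  # user IDs and self-signatures before the first subkey are skipped
            out.append(raw)
    return b"".join(out)
def _pkt(tag, body):  # constructed sample packet: old format, one length octet
    return bytes([0x80 | tag << 2, len(body)]) + body
HEAD = _pkt(5, b"primary-A") + _pkt(13, b"A <a@example.org>") + _pkt(2, b"selfsig")
A1 = _pkt(7, b"subkey-A1") + _pkt(2, b"binding-A1")  # placeholder bytes, not keys
A2 = _pkt(7, b"subkey-A2") + _pkt(2, b"binding-A2")
```

Calling `merge_secret_exports(HEAD + A1, HEAD + A2)` returns the primary key, user ID and self-signature once, followed by both subkey groups.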