importing a secret key

Neil Williams linux at
Fri Nov 7 22:31:36 CET 2003

On Friday 07 Nov 2003 9:20 pm, Munir Nassar wrote:
> recover my  pubring.gpg and trustdb.pgp
> $ gpg redconcepts.priv.key
> sec  1024D/C93A57EA 2003-09-02 Munir Nassar (Ein)
> ssb  1024g/578D6A75 2003-09-02
> so i tried to import this key using gpg --import redconcepts.priv.key
> but this did not seem to work:
> and
> $ gpg --list-sec
> /home/nassarmu/.gnupg/secring.gpg
> ---------------------------------
> sec# 1024D/C93A57EA 2003-09-02 Munir Nassar (Ein)
> <nassarmu at>
> ssb  1024g/578D6A75 2003-09-02
> notice the # after sec?

from man gpg
A '#' after the letters 'sec'
                 means that the secret key is not usable (for example,  if  it
                 was created via --export-secret-subkeys).

Oops. subkey instead of secret key!

--export-secret-keys [names]

      --export-secret-subkeys [names]
                 Same  as --export, but exports the secret keys instead.  This
                 is normally not very useful and a security risk.  The  second
                 form  of  the  command has the special property to render the
                 secret part of the primary key useless; this is a GNU  exten-
                 sion to OpenPGP and other implementations can not be expected
                 to successfully import such a key.

                 See the option --simple-sk-checksum if  you  want  to  import
                 such an exported key with an older OpenPGP implementation.

                 Secret  keys  are integrity protected by using a SHA-1 check-
                 sum.  This method will be part of an enhanced OpenPGP  speci-
                 fication  but  GnuPG  already  uses  it  as  a countermeasure
                 against certain attacks.  Old applications  don't  understand
                 this new format, so this option may be used to switch back to
                 the old behaviour.  Using this this option bears  a  security
                 risk.  Note that using this option only takes effect when the
                 secret key is encrypted - the simplest way to make this  hap-
                 pen  is to change the passphrase on the key (even changing it
                 to the same value is acceptable).


Neil Williams
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: signature
Url : /pipermail/attachments/20031107/c796b0eb/attachment.bin

More information about the Gnupg-users mailing list