Combining Secret Keys

John Clizbe JPClizbe at tx.rr.com
Tue Dec 11 12:37:35 CET 2007


Brad Tilley wrote:
> OK, thanks for the tip. So, I won't need to change anything publicly? 
> Currently, I publish the public keys on a website... nothing to change 
> there? To go from three to one, I will import two of the private keys 
> into the remaining private key. Is it then OK to delete the individual 
> secret keys that I imported? What about revocation certs... are the ones 
> I have now OK, or should they be re-generated?

I think you misunderstand. You may import the keys to the same keyring file, but
each public-secret key pair remains a distinct entity.

You cannot merge multiple secret keys into a single key instance. You can only
store them in the same file.

Your existing revocation certs are fine *for each individual key*. If you wish a
public key to no longer be usable, you may import the key's revocation
certificate and publish the revoked key.

If you delete a secret key, you lose its use. You will no longer be able to
decrypt content encrypted to the corresponding public key.

> I apologize for all the questions... just don't want to screw this up.

Do not delete any of your secret keys until you understand the principles a bit
better.  Your present course will lead you to unwelcome and undesired results.

I'll hazard a guess that you are conflating user IDs with the actual key material.

-- 
John P. Clizbe                   Inet:   JPClizbe(a) tx DAWT rr DAHT com
Ginger Bear Networks             hkp://keyserver.gingerbear.net
"Be who you are and say what you feel because those who mind don't matter
and those who matter don't mind." - Dr Seuss, "Oh the Places You'll Go"
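
Added example, not part of the original message: a shell function that builds a throwaway keyring holding two key pairs, then shows that they stay separate keys with separate revocation certificates, and that deleting one secret key ends decryption for that key only. It assumes GnuPG 2.1 or later; the function name and the `example.invalid` identities are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: two key pairs share one keyring yet remain distinct keys.
# Identities are constructed; the keyring is a throwaway temp directory.
demo_distinct_keys() {
    GNUPGHOME=$(mktemp -d) || return 1
    export GNUPGHOME
    g() { gpg --batch --quiet --no-tty "$@" 2>/dev/null; }
    count() { g --with-colons "$1" | grep -c "^$2:"; }

    # Generate two unprotected test keys (assumes GnuPG >= 2.1).
    for uid in 'Key One <one@example.invalid>' 'Key Two <two@example.invalid>'; do
        g --pinentry-mode loopback --passphrase '' \
          --quick-generate-key "$uid" default default never || return 1
    done

    # Primary-key fingerprint of the second key pair.
    fpr2=$(g --with-colons --list-secret-keys two@example.invalid |
           awk -F: '$1 == "fpr" { print $10; exit }')

    before=$(count --list-secret-keys sec)
    # GnuPG writes one revocation certificate per generated key.
    revs=$(ls "$GNUPGHOME/openpgp-revocs.d" | wc -l | tr -d ' ')

    # Encrypt to key two, then delete only key two's secret half.
    echo 'constructed plaintext' |
        g --trust-model always -r "$fpr2" -o "$GNUPGHOME/msg.gpg" -e || return 1
    g --yes --delete-secret-keys "$fpr2" || return 1

    # Key one's secret key is still present, but it cannot decrypt for key two.
    if g -o /dev/null -d "$GNUPGHOME/msg.gpg"; then dec=ok; else dec=failed; fi
    after=$(count --list-secret-keys sec)
    pubs=$(count --list-keys pub)

    gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$GNUPGHOME"
    echo "secret_before=$before revocs=$revs secret_after=$after public=$pubs decrypt=$dec"
}
```

Source the file and call `demo_distinct_keys`; it never touches your real `~/.gnupg`.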
