Combining Secret Keys
Brad Tilley
btilley at vt.edu
Tue Dec 11 14:58:19 CET 2007
John Clizbe wrote:
> Brad Tilley wrote:
>> OK, thanks for the tip. So, I won't need to change anything publicly?
>> Currently, I publish the public keys on a website... nothing to change
>> there? To go from three to one, I will import two of the private keys
>> into the remaining private key. Is it then OK to delete the individual
>> secret keys that I imported? What about revocation certs... are the ones
>> I have now OK, or should they be re-generated?
>
> I think you misunderstand. You may import the keys to the same keyring file, but
> each public-secret key pair remains a distinct entity.
>
> You cannot merge multiple secret keys into a single key instance. You can only
> store them in the same file.
>
> Your existing revocation certs are fine *for each individual key*. If you wish a
> public key to no longer be usable, you may import the key's revocation
> certificate and publish the revoked key.
>
> If you delete a secret key, you lose its use. You will no longer be able to
> decrypt content encrypted to the corresponding public key.
>
>> I apologize for all the questions... just don't want to screw this up.
>
> Do not delete any of your secret keys until you understand the principles a bit
> better. Your present course will lead you to unwelcome and undesired results.
>
> I'll hazard a guess that you are conflating user IDs with the actual key material.

Sorry, my terminology wasn't accurate. I understand what you are saying.
However, I was hoping to merge all three keys into one key (having three
distinct, separate keys on the same keyring is what I have now). Anyway,
I've almost decided to just keep the keys as they are.

I got the principles down many years ago when a computer crashed and I
lost a secret key :) and its revocation cert... since that time I've
made regular backups and have recovered from similar incidents and
revoked keys.

Thanks for your time,
Brad