Combining Secret Keys

Brad Tilley btilley at vt.edu
Tue Dec 11 14:58:19 CET 2007


John Clizbe wrote:
> Brad Tilley wrote:
>> OK, thanks for the tip. So, I won't need to change anything publicly? 
>> Currently, I publish the public keys on a website... nothing to change 
>> there? To go from three to one, I will import two of the private keys 
>> into the remaining private key. Is it then OK to delete the individual 
>> secret keys that I imported? What about revocation certs... are the ones 
>> I have now OK, or should they be re-generated?
> 
> I think you misunderstand. You may import the keys to the same keyring file, but
> each public-secret key pair remains a distinct entity.
> 
> You cannot merge multiple secret keys into a single key instance. You can only
> store them in the same file.
> 
> Your existing revocation certs are fine *for each individual key*. If you wish a
> public key to no longer be usable, you may import the key's revocation
> certificate and publish the revoked key.
> 
> If you delete a secret key, you lose its use. You will no longer be able to
> decrypt content encrypted to the corresponding public key.
> 
>> I apologize for all the questions... just don't want to screw this up.
> 
> Do not delete any of your secret keys until you understand the principles a bit
> better.  Your present course will lead you to unwelcome and undesired results.
> 
> I'll hazard a guess that you are conflating user IDs with the actual key material.

Sorry, my terminology wasn't accurate. I understand what you are saying. 
However, I was hoping to merge all three keys into one key (having three 
distinct, separate keys on the same keyring is what I have now). Anyway, 
I've almost decided to just keep the keys as they are.

I got the principles down many years ago when a computer crashed and I 
lost a secret key :) and its revocation cert... since that time I've 
made regular backups and have recovered from similar incidents and 
revoked keys.

Thanks for your time,

Brad
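
The point made in the thread, that a user ID is only a label attached to a key and that several keys carrying the same user ID remain separate keys, shown as an added example that is not part of either poster's message. The listing is a constructed sample in the style of `gpg --list-secret-keys --with-colons`; the key IDs, fingerprints and user ID are made up.

```python
# Constructed sample in the style of `gpg --list-secret-keys --with-colons`.
# Key IDs, fingerprints and the user ID are made up for illustration.
SAMPLE = """\
sec:u:2048:1:AAAAAAAAAAAAAAA1:1100000000:::u:::scESC:
fpr:::::::::1111111111111111111111111111111111111111:
uid:u::::1100000000::::Example User <user@example.org>:
ssb:u:2048:1:BBBBBBBBBBBBBBB1:1100000000::::::e:
fpr:::::::::4444444444444444444444444444444444444444:
sec:u:2048:1:AAAAAAAAAAAAAAA2:1150000000:::u:::scESC:
fpr:::::::::2222222222222222222222222222222222222222:
uid:u::::1150000000::::Example User <user@example.org>:
sec:u:1024:17:AAAAAAAAAAAAAAA3:1190000000:::u:::scSC:
fpr:::::::::3333333333333333333333333333333333333333:
uid:u::::1190000000::::Example User <user@example.org>:
"""


def parse_secret_keys(listing):
    """Group colon-format records under the primary secret key they follow."""
    keys, prev = [], None
    for line in listing.splitlines():
        f = line.split(":")
        rec = f[0]
        if rec == "sec":                      # a new, independent key starts
            keys.append({"keyid": f[4], "fingerprint": None, "uids": []})
        elif keys and rec == "fpr" and prev == "sec":
            keys[-1]["fingerprint"] = f[9]    # fpr right after sec = primary key
        elif keys and rec == "uid":
            keys[-1]["uids"].append(f[9])     # a label bound to this key only
        prev = rec                            # fpr after ssb is a subkey: skipped
    return keys


def fingerprints_by_uid(keys):
    """Map each user ID string to every key fingerprint that carries it."""
    index = {}
    for key in keys:
        for uid in key["uids"]:
            index.setdefault(uid, []).append(key["fingerprint"])
    return index


if __name__ == "__main__":
    for uid, fprs in fingerprints_by_uid(parse_secret_keys(SAMPLE)).items():
        print(f"{uid}: {len(fprs)} distinct keys")
        for fpr in fprs:
            print("   ", fpr)
```

Each fingerprint in the result is a key that needs its own backup and its own revocation certificate, even though the user ID is identical on all three.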





