decrypt : primary key or subkey ?

David SMITH dave.smith at st.com
Thu Jun 7 10:27:08 CEST 2007


On Wed, Jun 06, 2007 at 06:53:48PM +0200, Bruno Costacurta wrote:
> Sorry but indeed I have the secret key for 0x2E604D51 and it's valid (I just 
> installed my gpg keyrings on a new computer and use it for signing).
> The 0CC897B5 is a subkey and was created automatically with 0x2E604D5 creation 
> and never asked for a specific password.

No, you should have a subkey for both 0x2E604D51 /and/ 0x0CC897B5.

Here are the details of my keys:

bris0085(23)% gpg --list-keys --verbose
/home/damia/users/dsmith/.gnupg/pubring.gpg
-------------------------------------------
pub   1024D/F13192F2 2002-02-12
uid                  David Smith (STMicroelectronics) <Dave.Smith at st.com>
uid                  David Smith (Home) <David.Smith at ds-electronics.co.uk>
sub   1024g/FA5EA4A2 2002-02-12 [expired: 2002-08-11]
sub   1024g/BE299CC1 2002-07-20 [expired: 2003-01-16]
sub   1024g/C8D6DAB9 2003-01-18 [expired: 2003-07-17]
sub   1024g/B643FF36 2003-11-09 [expired: 2004-05-07]
sub   1024g/80454033 2004-05-17 [expired: 2004-11-13]
sub   1024g/F5FE6DF8 2004-12-07 [expired: 2005-06-05]
sub   1024g/0DD8A13F 2005-09-05 [expired: 2006-03-04]
sub   1024g/9249F278 2006-06-20 [expired: 2006-12-17]
sub   1024g/3712DE29 2006-12-22 [expired: 2006-12-24]
sub   4096g/42F250C4 2007-01-13 [expires: 2007-07-12]

bris0085(22)% gpg --list-secret-keys
/home/damia/users/dsmith/.gnupg/secring.gpg
-------------------------------------------
sec   1024D/F13192F2 2002-02-12
uid                  David Smith (Home) <David.Smith at ds-electronics.co.uk>
uid                  David Smith (STMicroelectronics) <Dave.Smith at st.com>
ssb   1024g/FA5EA4A2 2002-02-12
ssb   1024g/BE299CC1 2002-07-20
ssb   1024g/C8D6DAB9 2003-01-18
ssb   1024g/B643FF36 2003-11-09
ssb   1024g/80454033 2004-05-17
ssb   1024g/F5FE6DF8 2004-12-07
ssb   1024g/0DD8A13F 2005-09-05
ssb   1024g/9249F278 2006-06-20

Note that my main (signing) key has both public (pub) and secret (sec)
parts, and each of my subkeys has public (sub) and secret (ssb) parts.

Compare this with yours:

% gpg --list-secret-keys -v  0x2E604D51
gpg: no secret subkey for public subkey 0CC897B5 - ignoring
sec   1024D/2E604D51 2006-06-11
uid                  Bruno Costacurta <bruno at costacurta.org>
uid                  Bruno Costacurta <contract at costacurta.org>
uid       [ revoked] pubmb01 <pubmb01 at skynet.be>
uid       [ revoked] Bruno Costacurta <cob1 at biz.tiscali.be>
uid       [ revoked] pubmb02 <pubmb02 at skynet.be>
uid                  Bruno Costacurta <pubmb01 at skynet.be>


You seem to have managed to lose the secret part of your subkey, either
through a bug or data corruption, or through human error.

Unless you can find the secret part of your subkey again, the public
part is worthless, and should be revoked by publishing a revocation
certificate.  This does, of course, assume that you generated a
revocation certificate before you lost the secret part....

-- 
David Smith        | Tel: +44 (0)1454 462380    Home: +44 (0)1454 616963
STMicroelectronics | Fax: +44 (0)1454 462305  Mobile: +44 (0)7932 642724
1000 Aztec West    | TINA: 065 2380          GPG Key: 0xF13192F2
Almondsbury        | Work Email: Dave.Smith at st.com
BRISTOL, BS32 4SQ  | Home Email: David.Smith at ds-electronics.co.uk
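
Added example, not part of the original message or of GnuPG itself: the pub/sub versus sec/ssb comparison made above by eye, done in Python over the legacy listing format shown in this message. The key IDs and both sample listings are constructed, and the function names are this example's own.

```python
import re

# One key line of the legacy listing, e.g.
#   sub   1024g/FA5EA4A2 2002-02-12 [expired: 2002-08-11]
# A '#' directly after sec/ssb is gpg's marker for a stub with no secret material.
LINE = re.compile(
    r"^(pub|sub|sec|ssb)([#>]?)\s+\d+[A-Za-z]/([0-9A-F]{8,16})\s+\S+(?:\s+\[(\w+):)?")

def parse_listing(text):
    """Return {primary_id: {key_id: expired}} for the keys the listing really holds."""
    keys, primary = {}, None
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue                      # uid lines, keyring path, separators
        kind, stub, keyid, note = m.groups()
        if kind in ("pub", "sec"):
            primary = keyid
            keys.setdefault(primary, {})
        if primary is not None and stub != "#":
            keys[primary][keyid] = (note == "expired")
    return keys

def missing_secret_parts(public_text, secret_text):
    """List (primary, key_id, expired) for public keys with no usable secret part."""
    pub, sec = parse_listing(public_text), parse_listing(secret_text)
    return [(primary, keyid, expired)
            for primary, members in pub.items()
            for keyid, expired in members.items()
            if keyid not in sec.get(primary, {})]

# Constructed sample listings (key IDs are made up).
PUBLIC = """\
pub   1024D/AAAA0001 2006-06-11
uid                  Example User <user at example.org>
sub   1024g/BBBB0002 2006-06-11 [expired: 2006-12-08]
sub   2048g/CCCC0003 2007-01-13 [expires: 2007-07-12]
"""
SECRET = """\
sec   1024D/AAAA0001 2006-06-11
uid                  Example User <user at example.org>
ssb   1024g/BBBB0002 2006-06-11
"""

if __name__ == "__main__":
    for primary, keyid, expired in missing_secret_parts(PUBLIC, SECRET):
        state = "expired" if expired else "current"
        print(f"{primary}: no secret part for {state} key {keyid}")
```

Feed it the output of `gpg --list-keys` and `gpg --list-secret-keys` for the same key. An expired subkey in the result still matters, because its secret part is needed to decrypt anything that was encrypted to it earlier.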


