backup all keys of DSA+ELG pair?
David Shaw
dshaw at jabberwocky.com
Fri Jun 5 19:07:14 CEST 2009
On Jun 5, 2009, at 12:27 PM, Kārlis Repsons wrote:
> On Friday 05 June 2009 15:23:10 Werner Koch wrote:
>> On Fri, 5 Jun 2009 16:59, jh at jameshoward.us said:
>>> On Fri Jun 5 10:52:48 2009, David Shaw <dshaw at jabberwocky.com>
>>> wrote:
>>>> --allow-secret-key-import is a no-op. It is no longer used for
>>>> anything.
>>>
>>> Really? I could not import last week without it.
>>
>> Sure:
> Ok, but I am still in problem, because, after I did
>
> thekey == mail address
> Machine 1: gpg --export-secret-keys (thekey) > myfile.gpg
> Machine 2: gpg --import myfile.gpg
>
> it says
>
> gpg: Total number processed: 1
> gpg: imported: 1
> gpg: secret keys read: 1
> gpg: secret keys imported: 1
>
> However, I had there 3 subkeys today! And after doing import, they
> all appear
> through gpg, but no way to use any with kmail!
> I also tried thekey == key ID, but it gave equal outputs for all the
> IDs...
> What is wrong?
Nothing is wrong. When you export a key, all of the subkeys go along
with it.
> Actually, I would appreciate, if someone explains me the concept of
> master and
> subkeys in gpg -
> 1) the exclusive/overlapping functions of them
Traditionally, the master key is used for signing and a subkey is used
for encryption. In practice, you can actually have many subkeys, each
with whatever purpose you like.
> 2) does fingerprint change, if subkey is added (or, does that refer
> to the
> master key only)?
No, the fingerprint does not change. The key fingerprint is that of
the master key.
(Subkeys actually have fingerprints too, but you don't usually see
them since referring to the master key brings all of the subkeys along
automatically).
> 3) how about the revocation certificates, that are generated for
> master key,
> if signing subkey is added afterwards?
Key revocation certificates are always generated for and by a master
key.
David
More information about the Gnupg-users
mailing list