backup all keys of DSA+ELG pair?

David Shaw dshaw at
Fri Jun 5 19:07:14 CEST 2009

On Jun 5, 2009, at 12:27 PM, Kārlis Repsons wrote:

> On Friday 05 June 2009 15:23:10 Werner Koch wrote:
>> On Fri,  5 Jun 2009 16:59, jh at said:
>>> On Fri Jun  5 10:52:48 2009, David Shaw <dshaw at>  
>>> wrote:
>>>> --allow-secret-key-import is a no-op.  It is no longer used for
>>>> anything.
>>> Really?  I could not import last week without it.
>> Sure:
> Ok, but I am still in problem, because, after I did
> thekey == mail address
> Machine 1: gpg --export-secret-keys (thekey) > myfile.gpg
> Machine 2: gpg --import myfile.gpg
> it says
> gpg: Total number processed: 1
> gpg:               imported: 1
> gpg:       secret keys read: 1
> gpg:   secret keys imported: 1
> However, I had there 3 subkeys today! And after doing import, they  
> all appear
> through gpg, but no way to use any with kmail!
> I also tried thekey == key ID, but it gave equal outputs for all the  
> IDs...
> What is wrong?

Nothing is wrong.  When you export a key, all of the subkeys go along  
with it.

> Actually, I would appreciate, if someone explains me the concept of  
> master and
> subkeys in gpg -
> 1) the exclusive/overlapping functions of them

Traditionally, the master key is used for signing and a subkey is used  
for encryption.  In practice, you can actually have many subkeys, each  
with whatever purpose you like.

> 2) does fingerprint change, if subkey is added (or, does that refer  
> to the
> master key only)?

No, the fingerprint does not change.  The key fingerprint is that of  
the master key.

(Subkeys actually have fingerprints too, but you don't usually see  
them since referring to the master key brings all of the subkeys along  

> 3) how about the revocation certificates, that are generated for  
> master key,
> if signing subkey is added afterwards?

Key revocation certificates are always generated for and by a master  


More information about the Gnupg-users mailing list