Copy subkeys to primary key

David Shaw dshaw at jabberwocky.com
Tue Mar 3 23:18:33 CET 2009


On Tue, Mar 03, 2009 at 05:11:47PM +0100, Werner Koch wrote:
> On Sat,  7 Feb 2009 10:40, ian at ushills.co.uk said:
> 
> > How can I combine them so I have one secret key with both the ELG and
> > RSA subkeys under the primary key.
> 
> That is possible but requires some manual work.  You need to use
> gpgsplit to break the keys into its parts and combine them later.  Then,
> you need to create a new key binding signature.  It is probably easier
> to create new subkeys and revoke the old subkeys on the other key.
> 
> IIRC, David posted a description to this ML some time ago; I don't have
> a reference handy, though.

Is this combining two different secret keys (with different subkeys)
or combining two copies of the same secret key (with different
subkeys)?  If we're talking about the same secret key in both cases,
you can do it without any signature trickery.

1) Export both secret keys into files
   gpg --export-secret-keys 86ECAC0B > first.gpg
   gpg --export-secret-keys --secret-keyring secold.gpg 490CC343 > second.gpg

2) Run gpgsplit on the second file.
   gpgsplit second.gpg

3) Delete the parts you don't want.  You only want the subkeys, so
   delete everything until the first secret subkey packet (i.e. if the
   first secret subkey is 000004, then delete 000001, 000002, and
   000003).

4) Merge the keys:
   cat first.gpg 00000* > newkey.gpg

5) Delete the current secret key
   gpg --delete-secret-key 86ECAC0B

6) Bring in the merged key:
   gpg --import newkey.gpg

Obviously, make a backup first!

David



More information about the Gnupg-users mailing list