How to use an "offline" primary key
email at sven-radde.de
Sat Jan 2 14:09:34 CET 2010
With a new year comes a new keypair and this time I tried to use subkeys
to separate my secret primary key from the "day-to-day"
Using options "--no-default-keyrings --secret-keyring secring2.gpg
--public-keyring pubring2.gpg" I generated the primary key, added UIDs,
subkeys etc and then I used "--export-secret-subkeys" and "--import" to
import it into the default keyrings.
Normal signing and decryption work fine, however I cannot get an
operation to work that requires the primary key, such as re-setting an
expiry date or signing someone else's key.
I thought that I would simply 'include' the primary key by adding
"--secret-keyring secring2.gpg" whenever I need it for these kinds of
operations, but GnuPG complains about missing parts of the secret key
regardless of whether this option is present of not.
It seems I am missing something here, but I don't quite know how to proceed.
Thanks for any insights,
More information about the Gnupg-users