How to use an "offline" primary key

Sven Radde email at
Sat Jan 2 14:09:34 CET 2010

Hello GnuPG-Users!

With a new year comes a new keypair and this time I tried to use subkeys
to separate my secret primary key from the "day-to-day"
encryption/signing keys.

Using options "--no-default-keyrings --secret-keyring secring2.gpg
--public-keyring pubring2.gpg" I generated the primary key, added UIDs,
subkeys etc and then I used "--export-secret-subkeys" and "--import" to
import it into the default keyrings.

Normal signing and decryption work fine, however I cannot get an
operation to work that requires the primary key, such as re-setting an
expiry date or signing someone else's key.
I thought that I would simply 'include' the primary key by adding
"--secret-keyring secring2.gpg" whenever I need it for these kinds of
operations, but GnuPG complains about missing parts of the secret key
regardless of whether this option is present of not.

It seems I am missing something here, but I don't quite know how to proceed.

Thanks for any insights,

More information about the Gnupg-users mailing list