Offline Primary Key
Phillip Susi
psusi at cfl.rr.com
Mon Mar 1 21:31:58 CET 2010
On 3/1/2010 1:57 PM, David Shaw wrote:
> What you need to do is an --export-secret-subkeys (there is no such command as --delete-primary-keys). So, starting from a state where your whole key (primary and all secondaries) are all imported to your GPG instance, do:
Yes, I meant --delete-secret-key
> gpg --export-secret-subkeys (thekeyid) > my-secondary-keys-only.gpg
>
> Then import my-secondary-keys-only.gpg into whichever GPG you want to use it with. If you want to use it with the same one you just exported from, then do:
>
> gpg --export-secret-key (thekeyid) > my-real-secret-key.gpg
> gpg --delete-secret-key (thekeyid)
> gpg --import my-secondary-keys-only.gpg
>
> (i.e. save a copy of the full key, delete it from the keyring, and replace it with the secondary-key-only copy).
This does the trick, but I still do not understand why
--delete-secret-key removes BOTH the primary and subkey secrets when I
specifically gave only the ID of the subkey? Shouldn't it remove
exactly what I say and no more?
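
Added example (not part of the original message and not GnuPG's own code): a shell check that the keyring is in the intended state after the export/delete/import steps quoted above, i.e. the primary secret is only a stub while a subkey secret is still usable. It assumes the colon listing format of GnuPG 2.1 or later, where field 15 of a sec/ssb record is "#" when the secret part is missing; the function names and the sample key IDs are constructed for illustration.

```shell
#!/bin/sh
# Real use (assumption: GnuPG 2.1+ colon format):
#   gpg --list-secret-keys --with-colons (thekeyid) | primary_is_offline

# Print "<record> <keyid> <stub|present>" for each secret key record.
# Field 1 = record type (sec = primary, ssb = subkey), field 5 = key ID,
# field 15 = "#" when only a stub is in the keyring (secret part missing).
secret_key_state() {
    awk -F: '
        $1 == "sec" || $1 == "ssb" {
            state = ($15 == "#") ? "stub" : "present"
            print $1, $5, state
        }'
}

# Exit 0 only if every primary is a stub and at least one subkey secret is present.
primary_is_offline() {
    secret_key_state | awk '
        $1 == "sec" { seen = 1; if ($3 != "stub") bad = 1 }
        $1 == "ssb" && $3 == "present" { usable = 1 }
        END { ok = (seen && !bad && usable); exit (ok ? 0 : 1) }'
}

# Constructed sample: listing before the procedure (full key in the keyring).
sample_before() {
cat <<'EOF'
sec:u:2048:1:AAAAAAAAAAAAAAAA:1267400000:::u:::scESC:::+:
uid:u::::1267400000::0000000000000000000000000000000000000000::Example User <user@example.org>:
ssb:u:2048:1:BBBBBBBBBBBBBBBB:1267400000::::::e:::+:
EOF
}

# Constructed sample: listing after importing my-secondary-keys-only.gpg.
sample_after() {
cat <<'EOF'
sec:u:2048:1:AAAAAAAAAAAAAAAA:1267400000:::u:::scESC:::#:
uid:u::::1267400000::0000000000000000000000000000000000000000::Example User <user@example.org>:
ssb:u:2048:1:BBBBBBBBBBBBBBBB:1267400000::::::e:::+:
EOF
}

# Demo on the constructed samples.
sample_after | secret_key_state
sample_after | primary_is_offline && echo "primary secret is offline"
sample_before | primary_is_offline || echo "primary secret is still in the keyring"
```

A failing check on the everyday keyring means the full secret key is still present there and the export/delete/import sequence has not taken effect.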