Offline Primary Key

Phillip Susi psusi at
Mon Mar 1 21:31:58 CET 2010

On 3/1/2010 1:57 PM, David Shaw wrote:
> What you need to do is an --export-secret-subkeys (there is no such command as --delete-primary-keys).  So, starting from a state where your whole key (primary and all secondaries) are all imported to your GPG instance, do:

Yes, I meant --delete-secret-key

>     gpg --export-secret-subkeys (thekeyid)>  my-secondary-keys-only.gpg
> Then import my-secondary-keys-only.gpg into whichever GPG you want to use it with.  If you want to use it with the same one you just exported from, then do:
>    gpg --export-secret-key (thekeyid)>  my-real-secret-key.gpg
>    gpg --delete-secret-key (thekeyid)
>    gpg --import my-secondary-keys-only.gpg
> (i.e. save a copy of the full key, delete it from the keyring, and replace it with the secondary-key-only copy).

This does the trick, but I still do not understand why 
--delete-secret-key removes BOTH the primary and subkey secrets when I 
specifically gave only the ID of the subkey?  Shouldn't it remove 
exactly what I say and no more?

More information about the Gnupg-users mailing list