Changing the email address of a key

Richi Lists ricul77 at gmail.com
Thu Aug 30 10:25:07 CEST 2012


Using the primary key was what I tried first. But when I saw the error
message "signing failed", I thought I'd have to force the proper signing
subkey, like I have to do for signing emails.

My setup is more or less the following:
http://wiki.fsfe.org/Card_howtos/Card_with_subkeys_using_backups
with the addition of a sub key for ssh authentication:
http://www.programmierecke.net/howto/gpg-ssh.html -> section "with
smartcard (openpgp)"

Rgds
Richard

$ gpg --edit-key 0AE275A9
gpg (GnuPG) 1.4.11; Copyright (C) 2010 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

pub  2048R/0AE275A9  created: 2012-08-07  expires: 2022-08-05  usage:
SC  
                     trust: ultimate      validity: ultimate
sub  2048R/8760DB3E  created: 2012-08-07  expires: never       usage:
E   
sub  2048R/E8401492  created: 2012-08-07  expires: never       usage:
S   
sub  2048R/5A097EF6  created: 2012-08-07  expires: never       usage:
S   
sub  2048R/EC980139  created: 2012-08-07  expires: 2022-08-05  usage:
E   
[ultimate] (1). Richard Ulrich (ulrichard) <richiulr at gmail.com>

gpg> adduid
Real name: Richard Ulrich
Email address: richi at paraeasy.ch
Comment: ulrichard
You selected this USER-ID:
    "Richard Ulrich (ulrichard) <richi at paraeasy.ch>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
gpg: secret key parts are not available
gpg: signing failed: general error


$ gpg --list-keys
/home/richi/.gnupg/pubring.gpg
------------------------------
pub   2048R/0AE275A9 2012-08-07 [expires: 2022-08-05]
uid                  Richard Ulrich (ulrichard) <richiulr at gmail.com>
sub   2048R/8760DB3E 2012-08-07
sub   2048R/E8401492 2012-08-07
sub   2048R/5A097EF6 2012-08-07
sub   2048R/EC980139 2012-08-07 [expires: 2022-08-05]


$ gpg --card-status
Application ID ...: D27600012401020000050000115F0000
Version ..........: 2.0
Manufacturer .....: ZeitControl
Serial number ....: 0000115F
Name of cardholder: Richard Ulrich
Language prefs ...: de
Sex ..............: male
URL of public key : [not set]
Login data .......: [not set]
Private DO 1 .....: [not set]
Private DO 2 .....: [not set]
Private DO 3 .....: [not set]
Signature PIN ....: not forced
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 32 32 32
PIN retry counter : 3 0 3
Signature counter : 6
Signature key ....: 6555 FA9F AEEF 386C 50E2  7AE1 02EC 6014 E840 1492
      created ....: 2012-08-07 19:01:59
Encryption key....: 3A6C CF0A C29F 3DFC 60AF  DCCE 31AA D811 8760 DB3E
      created ....: 2012-08-07 19:00:54
Authentication key: 2C12 F55B 69D3 088E BFD9  C010 BABF AE12 5A09 7EF6
      created ....: 2012-08-07 19:04:12
General key info..: pub  2048R/E8401492 2012-08-07 Richard Ulrich
(ulrichard) <richiulr at gmail.com>
sec#  2048R/0AE275A9  created: 2012-08-07  expires: 2022-08-05
ssb>  2048R/8760DB3E  created: 2012-08-07  expires: never     
                      card-no: 0005 0000115F
ssb>  2048R/E8401492  created: 2012-08-07  expires: never     
                      card-no: 0005 0000115F
ssb>  2048R/5A097EF6  created: 2012-08-07  expires: never     
                      card-no: 0005 0000115F



On Mi, 2012-08-29 at 14:11 +0200, Peter Lebbing wrote:
> On 29/08/12 13:53, Richi Lists wrote:
> > I can't get it to work whether I try it on the primary or the sub key and
> > whether I use gpg or gpg2.
> > [...]
> > 
> > $ gpg2 -v --edit-key E8401492!
> > [...]
> > 
> > gpg: using subkey E8401492 instead of primary key 0AE275A9
> > Secret key is available.
> 
> Why are you forcing using the subkey? An UID is /always/ on the primary key, it
> makes no sense to make an UID on the subkey. I think.
> 
> Simply losing the exclamation mark should fix it, or just specify
> 
> $ gpg2 --edit-key 0AE275A9
> 
> Also, apart from UIDs on subkeys making no sense, it would seem to me that an
> UID needs to be bound with a Certification-capable signing key, whereas your
> signing subkey E8401492 can only make signatures on data. That's probably why
> GnuPG says:
> 
> > gpg: signing failed: Unusable secret key
> 
> Although it could also be that the secret part for that subkey is simply not
> available? I'm not sure whether the "secret key is available" message I quoted
> above pertains to the primary key or the secret subkey you forced on the command
> line.
> 
> If you still have problems after this explanation, please provide more data
> about your setup. You have two encryption subkeys, two data signature subkeys,
> and GnuPG complains that there are secret parts missing. It will be a lot easier
> to help you if you can explain what pieces of data are where :).
> 
> Peter.
> 
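
The point raised in this thread (a new UID is bound by the certification-capable primary key, whose secret part may not be present) can be checked before running `adduid`. The following is an added example, not part of the original messages: it parses `gpg --list-secret-keys --with-colons` output and reports where each secret key lives and whether the primary can self-sign a UID. The sample listing, key IDs and card serial are constructed, and the field positions (5 key ID, 12 capabilities, 15 token serial or `#`) are taken from GnuPG's doc/DETAILS.

```python
# Constructed sample of `gpg --list-secret-keys --with-colons` output for a
# layout like the one in this thread: offline primary, subkeys on a card.
# Key IDs, timestamps and the card serial are made up.
OFFLINE_PRIMARY = """\
sec:u:2048:1:AAAAAAAAAAAAAAAA:1344358800:1659805200::u:::scESC:::#:
uid:u::::1344358800::0000000000000000000000000000000000000000::Example User <user@example.org>:
ssb:u:2048:1:BBBBBBBBBBBBBBBB:1344358800::::::e:::D276000124010200FFFF000000000000:
ssb:u:2048:1:CCCCCCCCCCCCCCCC:1344358800::::::s:::D276000124010200FFFF000000000000:
"""


def secret_keys(listing):
    """Yield (record, keyid, capabilities, location) for sec/ssb records."""
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] not in ("sec", "ssb"):
            continue
        f += [""] * (15 - len(f))          # tolerate short records
        token = f[14]                      # field 15: "#", "+", "" or card S/N
        if token == "#":
            location = "stub"              # secret part not in this keyring
        elif token in ("", "+"):
            location = "local"
        else:
            location = "card:" + token
        yield f[0], f[4], f[11], location  # field 5 key ID, field 12 caps


def can_certify_uid(listing):
    """Return (ok, reason): can this keyring self-sign a new user ID?"""
    for record, keyid, caps, location in secret_keys(listing):
        if record != "sec":
            continue
        if "c" not in caps:                # lowercase = this key's own caps
            return False, f"primary {keyid} is not certification-capable"
        if location == "stub":
            return False, f"primary {keyid} is a stub, secret part unavailable"
        return True, f"primary {keyid} can certify ({location})"
    return False, "no secret primary key in listing"


if __name__ == "__main__":
    for row in secret_keys(OFFLINE_PRIMARY):
        print(*row)
    print(can_certify_uid(OFFLINE_PRIMARY))
```
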




