regenerate sub key binding, change primary key to subkey

Kostantinos Koukopoulos koukopoulos at
Wed Sep 26 14:08:51 CEST 2012


I've been reading Atom Smasher's tutorial [1] about migrating a key to
another, but unfortunately from some experimentation his warning [2]
about it needing an update seems spot-on. I wonder if someone could
mention what issues there are with it and maybe help me move a
recently recovered key into my current key.

My problem, possibly unrelated to the outdatedness of the tutorial,
is that after following through with the instructions I get keyrings
that look almost completely right but are unusable in at least two

1) upon export and import gpg loses the public part of the old,
formerly primary key.
2) upon signing gpg complains that the subkey is unusable.

One thing that doesn't seem right is that the subkey's key usage flags
go missing, even though --list-packets shows the key flags. Also
--edit-keys only temporarily updates the expiration period, which is
lost after typing 'save'.

Here is an example output from the resulting keyrings:

$ date | gpg -u '3FA8B141!' --clearsign --debug 64
gpg: WARNING: unsafe permissions on homedir `/tmp/test'
gpg: NOTE: no default option file `/tmp/test/gpg.conf'
Warning: using insecure memory!
gpg: enabled debug flags: cache
gpg: DBG: finish_lookup: checking key ABFB5763 (all)(req_usage=0)
gpg: DBG:       using key ABFB5763
gpg: DBG: finish_lookup: checking key ABFB5763 (one)(req_usage=1)
gpg: DBG:       checking subkey 3FA8B141
gpg: DBG:       subkey not valid
gpg: DBG:       no suitable key found -  giving up
gpg: skipped "3FA8B141!": Unusable secret key
gpg: [stdin]: clearsign failed: Unusable secret key
secmem usage: 0/32768 bytes in 0 blocks

I assume that gpg does not regenerate the key-binding signature
correctly or at all. If this is the problem, is there an alternative
way to fix the keyring?

Many thanks for any hints or solutions,


More information about the Gnupg-users mailing list