Trouble importing secret subkeys

Mikael Nordfeldth mmn at hethane.se
Tue Mar 25 12:38:39 CET 2014


Hello,

I'm having trouble creating a subkey-chain to import on a machine that I
don't want carrying the master key.

Following the Debian subkeys-guide[1] I come pretty far but not all the
way (though I can successfully follow it through if I generate a new
keypair for testing).

The problem I experience is when importing back the 'pubkeys' and
'subkeys' files (see Debian guide):

"""
$ LANG=C gpg --no-use-agent --allow-secret-key-import --import pubkeys subkeys
gpg: key B52E9B31: "Mikael "MMN-o" Nordfeldth <mmn at hethane.se>" not changed
gpg: key B52E9B31: no user ID
gpg: Total number processed: 2
gpg:              unchanged: 1
gpg:       secret keys read: 1
"""

After this I cannot do 'gpg -K' (list secret keys). It gives me no
output, even though I have a "secret keys read" status of 1. I get the
same result when importing this stuff to a brand new .gnupg config dir.

That "no user ID" message seems to be the difference between a
working import and a non-working import.
And I find it odd that the "key B52E9B31" appears twice - the first time
seeming to be correct, the second time giving the error "no user ID".


Using minimum amounts of arguments (only --import) gives the same
result. Also, I've tried getting this to work with both 'gpg' and 'gpg2'
on various machines (generally I've run on latest updates of Debian 7
and some Ubuntu).
Unfortunately I do not remember which version of gpg I originally
generated my key on, but the creation date is Dec 8 2011, reasonably the
1.x branch.

My workaround so far has been to rename the 'subkeys' file to replace
'secring.gpg'. It works, but afaik it's not recommended due to possible
binary differences between gpg versions.


Things that I don't know are related, but might be:
   * I have multiple IDs with the same email address, mmn at hethane.se (of
     which I've revoked the "wrong" ones), but the problem remains even if I
     remove these before export.
   * I have quotes in the realname (but on my freshly generated test
     export/imports, that hasn't caused a problem).


Here's a list of other users seeming to have the same, pretty uncommon,
error message (dating back to 2001):
   http://www.gossamer-threads.com/lists/gnupg/users/5880
   http://www.gossamer-threads.com/lists/gnupg/users/40969


Anyone got ideas if I have somehow corrupted keys so they cannot be
imported properly (with --import), or whether I do not apply good
practice with my UIDs or something?

Thanks for any suggestions on how to get importing my subkeys without
the main key to work.

[1]. https://wiki.debian.org/Subkeys?action=show&redirect=subkeys

-- 
Mikael "MMN-o" Nordfeldth
XMPP/mail: mmn at hethane.se
http://blog.mmn-o.se/
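
A check that can be run on the exported 'subkeys' file, added here as an example and not part of the original post: it walks the OpenPGP packet headers (RFC 4880, section 4.2) of a binary, non-armored export and reports, for each key, how many user ID and subkey packets follow it. The function names and the sample bytes are constructed for illustration.

```python
import sys
PRIMARY = {5: "secret key", 6: "public key"}             # packet tags that start a key
COUNTED = {13: "user_ids", 7: "subkeys", 14: "subkeys"}  # packet tag -> counter name

def packets(data):
    """Yield the tag of each packet in a binary OpenPGP stream (RFC 4880, 4.2)."""
    i = 0
    while i < len(data):
        first, i = data[i], i + 1
        if not first & 0x80:
            raise ValueError("not an OpenPGP packet header (ASCII-armored file?)")
        if first & 0x40:                         # new-format header
            tag, o1 = first & 0x3F, data[i]
            i += 1
            if o1 < 192:
                length = o1
            elif o1 < 224:
                length = ((o1 - 192) << 8) + data[i] + 192
                i += 1
            elif o1 == 255:
                length = int.from_bytes(data[i:i + 4], "big")
                i += 4
            else:
                raise ValueError("partial body length: not expected in key files")
        else:                                    # old-format header
            tag, ltype = (first >> 2) & 0x0F, first & 0x03
            n = 0 if ltype == 3 else 1 << ltype  # type 3: body runs to end of input
            length = int.from_bytes(data[i:i + n], "big") if n else len(data) - i
            i += n
        if i + length > len(data):
            raise ValueError("truncated packet")
        i += length
        yield tag

def keyblocks(data):
    """Group packets into keys; count user IDs and subkeys after each primary key."""
    blocks = []
    for tag in packets(data):
        if tag in PRIMARY:
            blocks.append({"primary": PRIMARY[tag], "user_ids": 0, "subkeys": 0})
        elif blocks and tag in COUNTED:
            blocks[-1][COUNTED[tag]] += 1
    return blocks

if __name__ == "__main__":
    # Constructed sample (dummy bodies, no real key material): key, user ID, sig, subkey.
    sample = bytes([0x94, 2, 0, 0, 0xB4, 3]) + b"abc" + bytes([0x88, 1, 0, 0x9C, 1, 0])
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample
    for block in keyblocks(data):
        print(block, "" if block["user_ids"] else "<- no user ID packet")
```

Run with the file name as the only argument to inspect a real export; 'gpg --list-packets' prints the same packet sequence in more detail.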


