Trouble importing secret subkeys
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Tue Mar 25 16:08:24 CET 2014
On 03/25/2014 10:27 AM, Mikael "MMN-o" Nordfeldth wrote:
> Also: One thing I noticed is that my output from 'gpg -K' for the master
> keyring (which I'm exporting from) only has one UID (the JPEG photo),
> but not the primary UID 'Mikael "MMN-o" Nordfeldth <mmn at hethane.se>'
> which is listed when using the '--edit-key' argument.
aha, this is likely to be the problem! RFC 4880 states that a valid
transferable key needs to have at least one User ID:
You can see from your --list-packets dump of subkeys that no user ID is
(take a look at your example dump from the test account and you'll see
an extra user ID and signature packet)
> If this lack of UID in the list is related, how can I include my primary
> UID with the export? Why is it excluded at all?
gpg has some rough edge cases when dealing with changed secret keys. I
don't know how you've updated the key, or transferred the key between
machines, etc, but it's entirely possible that you ran into something like:
when combined with a move from a separate home directory.
The best advice i know of here is pretty clumsy:
i'd use gpgsplit on your two separate files to break out the distinct
packets, and then use cat to combine the uid and self-sig packets from
the pubkeys file with the secrets from the subkeys file, feeding the
result into gpg --import.
so something like this:
mkdir pubpackets subpackets
(cd pubpackets && gpgsplit < ../pubkeys)
(cd subpackets && gpgsplit < ../subkeys)
cat subpackets/000001-005.secret_key \
| gpg --import
please let the list know if this works, or if you have any questions
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 1010 bytes
Desc: OpenPGP digital signature
More information about the Gnupg-users