Multiple Subkeys for different Uses

Sam M emunch at utmi.in
Tue Sep 16 15:08:42 CEST 2014


I'll try, with the example.

Commands are in Courier bold, output in Courier. My notes are in normal
font.


*gpg2 --expert --no-default-keyring --secret-keyring $seckey --keyring
$pubkey --display-charset utf-8 --command-fd 0 --status-fd 2 --edit
A6213A0EC2D5F16F*

Secret key is available.

pub  4096R/A6213A0EC2D5F16F  created: 2014-09-15  expires: never       usage: SCEA
                             trust: unknown       validity: unknown
sub  2048R/8740BCECEE51D37A  created: 2014-09-15  expires: never       usage: SEA
sub  2048R/94A665734DBA1287  created: 2014-09-15  expires: 2016-09-14  usage: E
sub  2048R/BE16484BDA38CCA1  created: 2014-09-15  expires: 2016-09-14  usage: E
sub  2048R/2DBE6F0BEDA58669  created: 2014-09-15  expires: 2016-09-14  usage: S
sub  2048R/64335E67B5441EC7  created: 2014-09-15  expires: 2016-09-14  usage: S
sub  2048R/CAD36405FD140940  created: 2014-09-15  expires: 2016-09-14  usage: A
sub  2048R/1A6033CAA3C19BE3  created: 2014-09-15  expires: 2016-09-14  usage: A
[ unknown] (1). Test Key (with stupid password) <test02.testco at tradeboox.net>

gpg> toggle
sec  4096R/A6213A0EC2D5F16F  created: 2014-09-15  expires: never
ssb  2048R/8740BCECEE51D37A  created: 2014-09-15  expires: never
ssb  2048R/94A665734DBA1287  created: 2014-09-15  expires: never
ssb  2048R/BE16484BDA38CCA1  created: 2014-09-15  expires: never
ssb  2048R/2DBE6F0BEDA58669  created: 2014-09-15  expires: never
ssb  2048R/64335E67B5441EC7  created: 2014-09-15  expires: never
ssb  2048R/CAD36405FD140940  created: 2014-09-15  expires: never
ssb  2048R/1A6033CAA3C19BE3  created: 2014-09-15  expires: never
(1)  Test Key (with stupid password) <test02.testco at tradeboox.net>


For each of the subkeys of interest, I did the following ("a" being the
looping variable) -

*echo "$passphrase" | gpg2 --expert --batch --no-default-keyring
--secret-keyring $seckey --keyring $pubkey --display-charset utf-8
--passphrase-fd 0 --export-secret-subkeys --no-tty --armor --export-options
export-reset-subkey-passwd ${a}! > ${master_key}.${a}.private.subkeys ; *


This gives me 3 files that I want in a separate keyring (listed below with
MD5) -

a5fcd3e138a869d03a2b398e180ab729  A6213A0EC2D5F16F.94A665734DBA1287.private.subkeys
08d137bbdcc956a64cc3a6af8d3ce827  A6213A0EC2D5F16F.2DBE6F0BEDA58669.private.subkeys
c7d6d5a023a09a51e89924ce0f9f0f3d  A6213A0EC2D5F16F.CAD36405FD140940.private.subkeys


I then import these subkeys -

*$ gpg2 --expert --no-default-keyring --secret-keyring ${seckey}.1
--keyring ${pubkey}.1 --import
A6213A0EC2D5F16F.94A665734DBA1287.private.subkeys*
gpg: keyring `_keyring.sec.1' created
gpg: keyring `_keyring.pub.1' created
gpg: key A6213A0EC2D5F16F: secret key imported
gpg: key A6213A0EC2D5F16F: public key "Test Key (with stupid password) <test02.testco at tradeboox.net>" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
gpg:       secret keys read: 1
gpg:   secret keys imported: 1
*$ gpg2 --expert --no-default-keyring --secret-keyring ${seckey}.1
--keyring ${pubkey}.1 --import
A6213A0EC2D5F16F.2DBE6F0BEDA58669.private.subkeys*
gpg: key A6213A0EC2D5F16F: already in secret keyring
gpg: Total number processed: 1
gpg:       secret keys read: 1
gpg:  secret keys unchanged: 1
*$ gpg2 --expert --no-default-keyring --secret-keyring ${seckey}.1
--keyring ${pubkey}.1 --import
A6213A0EC2D5F16F.CAD36405FD140940.private.subkeys*
gpg: key A6213A0EC2D5F16F: already in secret keyring
gpg: Total number processed: 1
gpg:       secret keys read: 1
gpg:  secret keys unchanged: 1

For the listing, I am expecting to see 3 subkeys, but I'm only seeing one,
the very first imported -

*$ gpg2 --expert --no-default-keyring --secret-keyring $seckey.1 --keyring
$pubkey.1 --list-keys*
----------------------------------------------------------------------------
pub   4096R/A6213A0EC2D5F16F 2014-09-15
uid               [ unknown] Test Key (with stupid password) <test02.testco at tradeboox.net>
sub   2048R/94A665734DBA1287 2014-09-15 [expires: 2016-09-14]

$ gpg2 --expert --no-default-keyring --secret-keyring $seckey.1 --keyring
$pubkey.1 --list-secret-keys
----------------------------------------------------------------------------
sec#  4096R/A6213A0EC2D5F16F 2014-09-15
uid                          Test Key (with stupid password) <test02.testco at tradeboox.net>
ssb   2048R/94A665734DBA1287 2014-09-15


Am I doing something wrong?

Thanks.

Sam



On 16 September 2014 17:54, Peter Lebbing <peter at digitalbrains.com> wrote:

> On 16/09/14 14:08, Sam M wrote:
> > Now, when I
> > import the three subkeys into the same (non-default) keyring, only one
> > is showing up in the key listing or when I try and edit the keys.
>
> Could you define "show up", i.e., could you give an example of you
> trying a command and the output it generates?
>
> HTH,
>
> Peter
>
> --
> I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
> You can send me encrypted mail if you want some privacy.
> My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
>
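
A check for the symptom described in this message, as an added example that is not part of the original post or of GnuPG: given a `--list-secret-keys` listing in the format shown above, it prints the expected subkey IDs that have no `ssb` line, and sums the `secret keys unchanged` counters from the import output. The function names are hypothetical and the sample text is constructed from the output quoted in the post.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Sample input: the secret-key listing shown in the post, embedded to run offline.
sample_listing() {
cat <<'EOF'
sec#  4096R/A6213A0EC2D5F16F 2014-09-15
uid                          Test Key (with stupid password) <test02.testco at tradeboox.net>
ssb   2048R/94A665734DBA1287 2014-09-15
EOF
}

# Sample input: summary lines of the three --import runs shown in the post.
sample_imports() {
cat <<'EOF'
gpg: key A6213A0EC2D5F16F: secret key imported
gpg:   secret keys imported: 1
gpg: key A6213A0EC2D5F16F: already in secret keyring
gpg:  secret keys unchanged: 1
gpg: key A6213A0EC2D5F16F: already in secret keyring
gpg:  secret keys unchanged: 1
EOF
}

# Print the key ID of every secret-subkey ("ssb") line read from stdin.
listed_subkeys() {
    awk '$1 ~ /^ssb/ { n = split($2, part, "/"); print part[n] }'
}

# Usage: missing_subkeys ID... < listing
# Prints, space-separated, the expected IDs that have no ssb line.
missing_subkeys() {
    present=$(listed_subkeys)
    missing=""
    for id in "$@"; do
        printf '%s\n' "$present" | grep -qxF "$id" || missing="$missing $id"
    done
    printf '%s\n' "${missing# }"
}

# Sum the "secret keys unchanged" counters in gpg import output on stdin.
unchanged_imports() {
    awk '/secret keys unchanged:/ { total += $NF } END { print total + 0 }'
}

expected="94A665734DBA1287 2DBE6F0BEDA58669 CAD36405FD140940"
echo "missing subkeys: $(sample_listing | missing_subkeys $expected)"
echo "imports that changed nothing: $(sample_imports | unchanged_imports)"
```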