disconnected binding of sub and master keys

Matthew Monaco matt at monaco.cx
Wed Feb 25 19:22:50 CET 2015

I think we should easily be able to create subkeys on our day-to-day machine,
while maintaining an air-gapped master, without transferring secret material
back and forth. This seems possible [1][2] using gpgsplit and possibly some hand
editing of hex files. By operating an offline master setup, we are agreeing to
more complexity and knowledge about openpgp details, but I think the leap from
basic to offline master is a lot smaller than from offline master to "merging"

So, is there technical reason as to why this isn't straightforward? Is it a
"patches welcome =)" type of thing? Or maybe you want to argue that I'm wasting
my time trying to avoid writing secret data to a cd/sdcard/etc to bridge my airgap.

The workflow that makes sense to me is for addkey to work even when "Secret
parts of primary key are not available" (possibly with --expert flag), resulting
an a file such as <mykey>-bind-request.asc. On the master, --import
<mykey>-bind-request.asc should do the trick, but a dedicated command would be
fine to. After this, an --export > <mykey>.pub should be able to communicate the
binding back to the active machine; however a <mykey>-bind-ack.asc might be nice
so the ultra-paranoid can inspect as little data as possible.

This is for discussion. I'm not complaining that this hasn't been implemented or
that someone needs to get to work!

[1] http://atom.smasher.org/gpg/gpg-migrate.txt
[2] https://lists.gnupg.org/pipermail/gnupg-users/2010-August/039307.html


More information about the Gnupg-users mailing list