disconnected binding of sub and master keys
matt at monaco.cx
Wed Feb 25 19:22:50 CET 2015
I think we should easily be able to create subkeys on our day-to-day machine,
while maintaining an air-gapped master, without transferring secret material
back and forth. This seems possible using gpgsplit and possibly some hand
editing of hex files. By operating an offline master setup, we are agreeing to
more complexity and knowledge about OpenPGP details, but I think the leap from
basic to offline master is a lot smaller than from offline master to "merging".
So, is there technical reason as to why this isn't straightforward? Is it a
"patches welcome =)" type of thing? Or maybe you want to argue that I'm wasting
my time trying to avoid writing secret data to a cd/sdcard/etc to bridge my airgap.
The workflow that makes sense to me is for addkey to work even when "Secret
parts of primary key are not available" (possibly with --expert flag), resulting
in a file such as <mykey>-bind-request.asc. On the master, --import
<mykey>-bind-request.asc should do the trick, but a dedicated command would be
fine too. After this, an --export > <mykey>.pub should be able to communicate the
binding back to the active machine; however a <mykey>-bind-ack.asc might be nice
so the ultra-paranoid can inspect as little data as possible.
This is for discussion. I'm not complaining that this hasn't been implemented or
that someone needs to get to work!
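As an added illustration (my own example, not GnuPG code and not part of the original thread), here is a minimal OpenPGP packet walker in Python that does by hand what gpgsplit does: enumerate the packets in a key file and point out the public-subkey packets and the 0x18 subkey-binding signatures, i.e. the pieces a bind request and bind ack would have to carry. The sample bytes at the bottom are constructed placeholders, not a real key.

```python
# Added example (not GnuPG code): walk an OpenPGP packet stream (RFC 4880
# old- and new-format headers) and flag the material relevant to subkey binding.
from typing import List, Tuple

TAG_NAMES = {2: "signature", 6: "public-key", 13: "user-id", 14: "public-subkey"}
SUBKEY_BINDING = 0x18  # signature type "subkey binding", RFC 4880 section 5.2.1

def parse_packets(data: bytes) -> List[Tuple[int, bytes]]:
    """Return (tag, body) for each packet; handles old- and new-format headers."""
    out, i = [], 0
    while i < len(data):
        ctb = data[i]
        if not ctb & 0x80:
            raise ValueError(f"bad packet header at offset {i}")
        if ctb & 0x40:  # new format: tag in low 6 bits, variable-length length
            tag, first = ctb & 0x3F, data[i + 1]
            if first < 192:
                length, hdr = first, 2
            elif first < 224:
                length, hdr = ((first - 192) << 8) + data[i + 2] + 192, 3
            elif first == 255:
                length, hdr = int.from_bytes(data[i + 2:i + 6], "big"), 6
            else:
                raise ValueError("partial body lengths not supported")
        else:  # old format: tag in bits 2-5, length-type in the low 2 bits
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not supported")
            n = 1 << ltype  # 1, 2 or 4 length octets
            length, hdr = int.from_bytes(data[i + 1:i + 1 + n], "big"), 1 + n
        body = data[i + hdr:i + hdr + length]
        if len(body) != length:
            raise ValueError(f"truncated packet at offset {i}")
        out.append((tag, body))
        i += hdr + length
    return out

def signature_type(body: bytes) -> int:
    """Signature type is at offset 1 for v4 signatures, offset 2 for v3."""
    return body[1] if body[0] == 4 else body[2]

def binding_material(data: bytes) -> Tuple[List[int], List[int]]:
    """Indexes of public-subkey packets and of 0x18 subkey-binding signatures."""
    pkts = parse_packets(data)
    subkeys = [n for n, (t, _) in enumerate(pkts) if t == 14]
    bindings = [n for n, (t, b) in enumerate(pkts)
                if t == 2 and signature_type(b) == SUBKEY_BINDING]
    return subkeys, bindings

# Constructed sample, NOT a real key: bodies are placeholders, only headers matter.
SAMPLE = (bytes([0x98, 3]) + b"\x04PK"                 # old-format public-key
          + bytes([0xB4, 5]) + b"alice"                # old-format user-id
          + bytes([0x88, 4]) + bytes([4, 0x13, 1, 8])  # v4 sig, type 0x13 (cert)
          + bytes([0xCE, 3]) + b"\x04SK"               # new-format public-subkey
          + bytes([0xC2, 4]) + bytes([4, 0x18, 1, 8])) # new-format v4 sig, 0x18
```

Running `binding_material(SAMPLE)` yields `([3], [4])`: packet 3 is the subkey a bind request would ship to the master, packet 4 is the binding signature the ack would carry back.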