Unable to import Private Key

Damien Goutte-Gattat dgouttegattat at incenp.org
Mon Dec 26 22:21:37 CET 2016


On 12/26/2016 06:52 PM, Guy Wyers wrote:
> - Can I somehow recover from this? I guess that, at least theoretically,
> the public should be "derivable" from the private key?

The problem here is not that you are missing the public key (the public 
key *is* derivable from the private key, and GnuPG would automatically 
extract the public key upon importing the private key).

The problem is that you are missing the secret *primary* key to which 
this secret subkey should be attached.

If you do not have a backup of that primary key, I am not sure you will 
be able to recover.

At least with GnuPG 2.1, it should be possible to re-attach the subkey 
to a new primary key (because GnuPG 2.1 allows you to "create" a key from a 
pre-existing key if you know its keygrip), *but* the newly re-attached 
key would still have a different key creation time and thus a different 
key ID... meaning that it could not be used to decrypt messages 
encrypted to the original key.


> - How did I end up with this truncated export? As far as I remember -even
> if it was long long time ago- I followed the standard instructions for
> "storing my private key in a safe place".

As far as I know, the only way to export a subkey only is to explicitly 
specify that subkey by its key ID with an appended '!', as in the 
following example:

    $ gpg2 --output backup.gpg --export-secret-keys '0xDECAFBAD!'

Otherwise, GnuPG will always export the primary key and all its subkeys.

What are those "standard instructions" you are referring to? If you were 
instructed to back up only your secret subkey instead of your entire 
private keyring, I am afraid you have been badly misled.
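
The dependence of the key ID on the key creation time, mentioned in the reply above, as an added example (not part of the original message and not GnuPG code): it computes the version 4 fingerprint defined in RFC 4880 for the same RSA key material under two creation times. The modulus and both timestamps are constructed sample values.

```python
import hashlib
import struct


def mpi(value: int) -> bytes:
    """OpenPGP MPI: 2-byte big-endian bit count, then the magnitude."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")


def rsa_v4_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a v4 RSA public (sub)key packet: version, creation time,
    algorithm id 1 (RSA), then the MPIs n and e (RFC 4880, 5.5.2)."""
    return b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(e)


def v4_fingerprint(body: bytes) -> bytes:
    """SHA-1 over 0x99, the 2-byte body length and the body (RFC 4880, 12.2)."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).digest()


def long_key_id(body: bytes) -> str:
    """The key ID is the low-order 64 bits of the v4 fingerprint."""
    return v4_fingerprint(body)[-8:].hex().upper()


# Constructed sample values: a 2048-bit stand-in modulus (not a real RSA
# modulus) and two arbitrary creation times in seconds since the epoch.
N = int.from_bytes(hashlib.sha256(b"constructed").digest() * 8, "big") | (1 << 2047) | 1
E = 65537
ORIGINAL_CREATED = 1262304000    # 2010-01-01 00:00:00 UTC
REATTACHED_CREATED = 1482786000  # 2016-12-26 21:00:00 UTC


def key_ids_for_same_material() -> tuple:
    """Key IDs of identical key material under the two creation times."""
    return (long_key_id(rsa_v4_key_body(ORIGINAL_CREATED, N, E)),
            long_key_id(rsa_v4_key_body(REATTACHED_CREATED, N, E)))


if __name__ == "__main__":
    original, reattached = key_ids_for_same_material()
    print("original subkey  :", original)
    print("re-attached key  :", reattached)
    print("same key ID      :", original == reattached)
```

Because the creation time is part of the hashed packet body, only a key packet carrying the original timestamp reproduces the original key ID.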
