v1.4.22: re--importing --export'ed key from --export-secret-subkeys dir cannot --encrypt
Steffen Nurpmeso
steffen at sdaoden.eu
Mon Jun 11 16:32:34 CEST 2018
A nice Monday afternoon i wish, i have a post scriptum.
Steffen Nurpmeso wrote in <20180604134413.SlJyg%steffen at sdaoden.eu>:
|Last Saturday i search/stumbled over an interesting Debian page
|(Subkey.html) which describes how to generate a dedicated signing
|subkeys, and how to create a new key pool via
|--export-secret-subkeys which does not contain (all parts of) the
|real private key, so that the secret key can be stored "somewhere
|else" but the newly reimported secret (sub)key can still be used
|for signing purposes.
...
|(sorry), i cannot find a bug in the bug-db that corresponds to the
|behaviour i see, and that is that i neither can --export the
|public key from that mutilated private key and use that one for
|--encrypt'ion, nor can use the key itself for that (the encryption
|key seems "hidden", but if i "toggle" --edit-key then i can see it
|still). But i can use it for signing purposes.
So i ended up with two directories, pgp-backup.git without
secring.gpg and only the public key which can encrypt, and
pgp.git, which is ~/.gnupg, has the mutilated private key, and can
sign.
Just ten minutes ago however i have found out that if i --export
the key from pgp-backup.git and --import it into pgp.git, then the
latter gains encryption capabilities again! I thought i had tried
that with the GNUPGHOME which has the full private key, and
failed, but maybe i was in a state of confusion by then (already).
Anyway, this new --import mysteriously said
  Reading passphrase from file descriptor 4
  gpg: key ... 2 new signatures
  gpg: key .. 1 new subkey
  gpg: Total number processed: 1
  gpg: new subkeys: 1
  gpg: new signatures: 2
and i now have the signature for the newly created signing subkey
two times, and encryption works.
~/.gnupg is now fully functional again!
Ciao from within the Greyness,
--steffen
|
|Der Kragenbaer, The moon bear,
|der holt sich munter he cheerfully and one by one
|einen nach dem anderen runter wa.ks himself off
|(By Robert Gernhardt)
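
Added example, not part of the original post: a check that a keyring's public listing exposes a usable encryption subkey, which is what the re-import described above restored. It reads `gpg --with-colons --list-keys` output on stdin; the function names, key IDs and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Usage against a real keyring (KEYID is a placeholder):
#   gpg --homedir ~/.gnupg --with-colons --list-keys KEYID | has_encryption_subkey

# Print the key ID (field 5) of every "sub" record whose capability field
# (field 12) contains "e" and whose validity (field 2) is not
# revoked (r), expired (e), invalid (i), disabled (d) or not valid (n).
encryption_subkeys() {
    awk -F: '$1 == "sub" && $12 ~ /e/ && $2 !~ /^[reidn]$/ { print $5 }'
}

# Exit status 0 if at least one usable encryption subkey is listed on stdin.
has_encryption_subkey() {
    [ -n "$(encryption_subkeys)" ]
}

# Constructed listing: keyring that only knows the signing subkey.
SAMPLE_BEFORE='tru::1:1528725000:0:3:1:5
pub:u:4096:1:AAAAAAAAAAAAAAAA:2018-06-02:::u:Example User <user@example.org>::scSC:
sub:u:4096:1:BBBBBBBBBBBBBBBB:2018-06-02::::::s:'

# Constructed listing: same key after the public encryption subkey was
# imported, plus an old revoked encryption subkey that must not count.
SAMPLE_AFTER='tru::1:1528725000:0:3:1:5
pub:u:4096:1:AAAAAAAAAAAAAAAA:2018-06-02:::u:Example User <user@example.org>::scESC:
sub:u:4096:1:BBBBBBBBBBBBBBBB:2018-06-02::::::s:
sub:u:4096:1:CCCCCCCCCCCCCCCC:2018-06-02::::::e:
sub:r:2048:1:DDDDDDDDDDDDDDDD:2017-01-01::::::e:'

for name in BEFORE AFTER; do
    eval "listing=\$SAMPLE_$name"
    if printf '%s\n' "$listing" | has_encryption_subkey; then
        echo "$name: encryption subkey present"
    else
        echo "$name: no usable encryption subkey, --encrypt to this key will fail"
    fi
done
```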