Utilizing facts of homedir organization (was: Exact definition of token S/N field for --with-colons)

Daniel Kahn Gillmor dkg at fifthhorseman.net
Mon Sep 24 16:18:44 CEST 2018


On Mon 2018-09-24 01:09:25 +0100, Andrew Luke Nesbit wrote:
> This is using the contents of `~/.gnupg/private-keys-v1.d/` as an API.
> If this is *not* part of the API, then what *is* the official
> recommendation for generating subkeys?

The part of those pages about "generating subkeys" does use the GnuPG
API.

So I think the question you're asking is "what is the official
recommendation for deleting the cryptographic secret associated with the
master key?"

I agree that it would be nice if there was a clear, supported API for
doing that.  I suspect it would be something like:

  gpg-connect-agent "delete_key $KEYGRIP" /bye

(and you probably want to get the keygrip via

   gpg --with-colons --with-keygrip --list-keys $FINGERPRINT

)

This clearly isn't a usable situation for most users, so it's primarily
important to document it so that more usable tools can be written that
know how to safely interact with GnuPG under the hood.

     --dkg
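
[Added example, not part of the original message and not GnuPG project code.] A key listing carries one "grp" record per primary key and per subkey, so the keygrip has to be taken from the record that follows the matching "fpr" record rather than from the first "grp" line. The function names, fingerprints and keygrips below are hypothetical, and the sample listing is constructed.

```shell
#!/bin/sh
# Constructed placeholder values, not real keys.
PRIMARY_FPR=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
PRIMARY_GRIP=1111111111111111111111111111111111111111
SUB_FPR=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
SUB_GRIP=2222222222222222222222222222222222222222

# Constructed sample shaped like the output of
# `gpg --with-colons --with-keygrip --list-secret-keys`:
# one primary key (sec) followed by one subkey (ssb).
sample_listing() {
    cat <<EOF
sec:u:255:22:AAAAAAAAAAAAAAAA:1537797524:::u:::scSC:::+:::ed25519:::0:
fpr:::::::::$PRIMARY_FPR:
grp:::::::::$PRIMARY_GRIP:
uid:u::::1537797524::0000000000000000000000000000000000000000::Example User <user@example.invalid>::::::::::0:
ssb:u:255:18:BBBBBBBBBBBBBBBB:1537797524::::::e:::+:::cv25519::
fpr:::::::::$SUB_FPR:
grp:::::::::$SUB_GRIP:
EOF
}

# Read a colon listing on stdin and print "<record type>:<keygrip>" for the
# key whose fingerprint is $1. Exit non-zero if that fingerprint is absent,
# so a caller never falls back to some other key's keygrip.
keygrip_for_fpr() {
    awk -F: -v want="$1" '
        $1 == "sec" || $1 == "pub" || $1 == "ssb" || $1 == "sub" { kind = $1; hit = 0 }
        $1 == "fpr" { hit = (toupper($10) == toupper(want)) }
        $1 == "grp" && hit { print kind ":" $10; found = 1; exit }
        END { exit !found }
    '
}

# Not called here: needs a real keyring and a running gpg-agent.
# Refuses to act unless the fingerprint resolves to exactly one keygrip.
delete_secret_for_fpr() {
    fpr=$1
    rec=$(gpg --batch --with-colons --with-keygrip --list-secret-keys "$fpr" |
          keygrip_for_fpr "$fpr") || { echo "no keygrip for $fpr" >&2; return 1; }
    echo "deleting secret for ${rec%%:*} key, keygrip ${rec#*:}" >&2
    gpg-connect-agent "DELETE_KEY ${rec#*:}" /bye
}
```

Listing by a subkey fingerprint still prints the whole key, which is why the lookup is keyed on the "fpr" record and not on position in the output.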