Imported secret subkey unusable "ssb#"

anon85786376 anon85786376 at
Sun Apr 18 02:06:40 CEST 2021

>From an issue raised on Stack Exchange (

When a batch mode key is created with "Subkey-Type: ECC" and "Subkey-Curve: Ed25519", the key is generated without errors and appears to function normally. However, importing the secret keys will yield an unusable secret subkey:

$ gpg --batch --gen-key <<EOF
> Key-Type: default
> Subkey-Type: ECC
> Subkey-Curve: Ed25519
> Name-Real: testkey
gpg: key 4C95665DD06F8126 marked as ultimately trusted
gpg: revocation certificate stored as '/home/me/.gnupg/openpgp-revocs.d/1CB8F79F656BCD71BF9A89694C95665DD06F8126.rev'

$ gpg -K
gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   2  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 2u
sec   rsa3072 2021-04-17 [SC]
uid           [ultimate] testkey
ssb   ed25519 2021-04-17 [E]

$ gpg -ao test --export-secret-keys 1CB8F79F656BCD71BF9A89694C95665DD06F8126

$ gpg --yes --delete-secret-and-public-keys 1CB8F79F656BCD71BF9A89694C95665DD06F8126

$ gpg --import test
gpg: key 4C95665DD06F8126: public key "testkey" imported
gpg: key 4C95665DD06F8126: secret key imported
gpg: Total number processed: 1
gpg:               imported: 1
gpg:       secret keys read: 1
gpg:   secret keys imported: 1

$ gpg -K
sec   rsa3072 2021-04-17 [SC]
uid           [ unknown] testkey
ssb#  ed25519 2021-04-17 [E]

The imported secret subkey is unusable. Files can be encrypted, but decryption fails with "no secret key". This occurs on GnuPG 2.2.19 and GnuPG 2.2.27.

More information about the Gnupg-users mailing list