Imported secret subkey unusable "ssb#"
anon85786376
anon85786376 at protonmail.com
Sun Apr 18 02:06:40 CEST 2021
From an issue raised on Stack Exchange (https://security.stackexchange.com/questions/248320/how-to-properly-export-and-re-import-gpg-secret-key-and-all-its-subkeys)
When a batch mode key is created with "Subkey-Type: ECC" and "Subkey-Curve: Ed25519", the key is generated without errors and appears to function normally. However, importing the secret keys will yield an unusable secret subkey:
$ gpg --batch --gen-key <<EOF
> Key-Type: default
> Subkey-Type: ECC
> Subkey-Curve: Ed25519
> Name-Real: testkey
> EOF
gpg: key 4C95665DD06F8126 marked as ultimately trusted
gpg: revocation certificate stored as '/home/me/.gnupg/openpgp-revocs.d/1CB8F79F656BCD71BF9A89694C95665DD06F8126.rev'
$ gpg -K
gpg: checking the trustdb
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 2 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 2u
/home/me/.gnupg/pubring.kbx
-----------------------------
sec rsa3072 2021-04-17 [SC]
1CB8F79F656BCD71BF9A89694C95665DD06F8126
uid [ultimate] testkey
ssb ed25519 2021-04-17 [E]
$ gpg -ao test --export-secret-keys 1CB8F79F656BCD71BF9A89694C95665DD06F8126
$ gpg --yes --delete-secret-and-public-keys 1CB8F79F656BCD71BF9A89694C95665DD06F8126
$ gpg --import test
gpg: key 4C95665DD06F8126: public key "testkey" imported
gpg: key 4C95665DD06F8126: secret key imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: secret keys read: 1
gpg: secret keys imported: 1
$ gpg -K
/home/me/.gnupg/pubring.kbx
-----------------------------
sec rsa3072 2021-04-17 [SC]
1CB8F79F656BCD71BF9A89694C95665DD06F8126
uid [ unknown] testkey
ssb# ed25519 2021-04-17 [E]
The imported secret subkey is unusable. Files can be encrypted, but decryption fails with "no secret key". This occurs on GnuPG 2.2.19 and GnuPG 2.2.27.
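
Added example, not part of the original post: a check that flags the "ssb#" state shown above by parsing `gpg --with-colons` output, where field 15 of a sec/ssb record is "#" when only a stub is present. The function names, the subkey ID and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Flag secret-key records that are only stubs (shown as "sec#"/"ssb#" by gpg -K).
# In --with-colons output, field 15 of a sec/ssb record is "#" for a stub.

# Reads a colon-format listing on stdin, prints "<record> <keyid>" per stub.
# Returns 1 if any stub was found, 0 otherwise.
find_secret_stubs() {
    awk -F: '
        ($1 == "sec" || $1 == "ssb") && $15 == "#" {
            print $1, $5
            found = 1
        }
        END { exit (found ? 1 : 0) }
    '
}

# Hypothetical wrapper for a live keyring: check one key by fingerprint.
# Returns 2 if gpg itself fails, so a listing error is not read as "no stubs".
check_key() {
    listing=$(gpg --batch --with-colons --list-secret-keys "$1") || return 2
    printf '%s\n' "$listing" | find_secret_stubs
}

# Constructed sample listings modelled on the session above. The primary key ID
# and fingerprint are from the post; the subkey ID is a placeholder.
SAMPLE_BEFORE_EXPORT='sec:u:3072:1:4C95665DD06F8126:1618617600:::u:::scESC:::+:::23::0:
fpr:::::::::1CB8F79F656BCD71BF9A89694C95665DD06F8126:
uid:u::::1618617600::::testkey:
ssb:u:255:22:AAAAAAAAAAAAAAAA:1618617600::::::e:::+::ed25519::'

SAMPLE_AFTER_IMPORT='sec:-:3072:1:4C95665DD06F8126:1618617600:::-:::scESC:::+:::23::0:
fpr:::::::::1CB8F79F656BCD71BF9A89694C95665DD06F8126:
uid:-::::1618617600::::testkey:
ssb:-:255:22:AAAAAAAAAAAAAAAA:1618617600::::::e:::#::ed25519::'
```

Running `check_key` with the key's fingerprint directly after `gpg --import` of a backup, and before the original keyring is deleted, catches an unusable subkey while the source material still exists.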