Imported secret subkey unusable "ssb#"
Ingo Klöcker
kloecker at kde.org
Mon Apr 19 11:02:14 CEST 2021
On Sonntag, 18. April 2021 21:55:59 CEST Ingo Klöcker wrote:
> On Sonntag, 18. April 2021 02:06:40 CEST anon85786376 via Gnupg-users wrote:
> > When a batch mode key is created with "Subkey-Type: ECC" and
> > "Subkey-Curve:
> > Ed25519", the key is generated without errors and appears to function
> > normally. However, importing the secret keys will yield an unusable secret
>
> > subkey:
> [...]
>
> > $ gpg -K
> > /home/me/.gnupg/pubring.kbx
> > -----------------------------
> > sec rsa3072 2021-04-17 [SC]
> >
> > 1CB8F79F656BCD71BF9A89694C95665DD06F8126
> >
> > uid [ unknown] testkey
> > ssb# ed25519 2021-04-17 [E]
>
> I could reproduce the problem.
It turns out that --gen-key allows creating invalid keys. The problem is that
ed25519 keys cannot be used for encryption. You need to create a key with an
cv25519 encryption subkey, i.e.
$ gpg --batch --gen-key <<EOF
Key-Type: default
Subkey-Type: ECC
Subkey-Curve: cv25519
Name-Real: testkey
EOF
Then export and import of the secret key works without problems.
Regards,
Ingo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20210419/ccc6ceb1/attachment.sig>
More information about the Gnupg-users
mailing list