On Thursday 07 June 2007 16:00:49 David SMITH wrote:
> On Thu, Jun 07, 2007 at 12:31:19PM +0200, Bruno Costacurta wrote:
> > Hello David,
> >
> > (note: I'm able to revoke this subkey (done but not sent to keyserver
> > yet)).
>
> Do you mean that you have already generated the revocation certificate
> previously, or that you have just generated one now?

(Sorry for the delay. I was off and abroad.)

I simply revoked the Elgamal subkey and sent the update to the keyserver.
It looks like this is now reflected, and so I do not (currently) have any
key for encryption. This is what I intended to do as I was not able to
decrypt. Later I'll create a new subkey and update it the same way (after
verification of correct encrypt/decrypt behaviour).

I think that the problem came a few months ago: as I changed computer I
exported the secret key only, but not the secret-subkey. And so I installed
the keyring on my current computer, but without the secret part of my
subkey.

Question: An export-secret should be followed by an export-secret-subkey?
Correct?

>
> > The problem is that subkey comes alone and automatically when keypair is
> > generated (and related keyring created).
> > During creation there is only one password required which is linked to
> > the primary key. My secret key and related password are OK.
>
> You only have one passphrase to protect the primary key; this passphrase
> automatically protects all of its subkeys.
>
> (Actually, I think that the passphrase protects the keyring file rather
> than the key, but ICBW). The fact that you don't have a separate
> passphrase for your subkey is normal and not a problem.
>
> > Where in this process is the secret part (and related password) of subkey
> > specified ?
>
> As I mentioned, you don't have a separate password.
>
> Public and secret parts are always generated together; they cannot be
> generated separately.
>
> > How to specify correct attributes for subkey like encrypt & decrypt ?
>
> Public parts are always used for encryption, and private parts are
> always used for decryption. There is an exception to this, where some
> keys are used for signing, but I am ignoring this since you are talking
> about keys generated for en/decryption.
>
> There is no point in generating a key for encryption but not decryption -
> they are always generated as a pair - public for encryption, and secret
> for decryption. If you think about it, any other scheme is nonsensical.
> For example, encrypting with the secret key would mean that anyone could
> decrypt the encrypted message (since the public key is, well, public).
>
> The secret key can't be generated from the public key, for obvious
> reasons.
>
> Somehow I think you've lost the secret part of the subkey.

-- 
PGP key ID: 0x2e604d51
Key : http://www.costacurta.org/keys/bruno_costacurta_pgp_key.html
Key fingerprint = 713F 7956 9441 7DEF 58ED 1951 7E07 569B 2E60 4D51
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
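
An added example, not part of the original message or of GnuPG itself: a check for the situation discussed in this thread, where an encryption subkey's secret part is missing after moving a keyring to a new machine. It parses the output of `gpg --list-secret-keys --with-colons`, assuming the GnuPG 2.1+ colon format described in GnuPG's doc/DETAILS; the sample listing and key IDs are constructed, and the function names are hypothetical.

```python
# Field positions follow GnuPG's doc/DETAILS for --with-colons output
# (assumption: GnuPG 2.1+, where field 15 is '#' for a stub and '+' when
# the secret key is available).
# SAMPLE is constructed; the key IDs are placeholders, not keys from the thread.
SAMPLE = """\
sec:u:1024:17:AAAAAAAAAAAAAAAA:1150000000:::u:::scSC:::+:::
uid:u::::1150000000::::Example User <user@example.org>:
ssb:r:2048:16:BBBBBBBBBBBBBBBB:1150000000::::::e:::#:::
ssb:u:2048:16:CCCCCCCCCCCCCCCC:1181000000::::::e:::+:::
"""

UNUSABLE = {"r", "e", "i", "d"}  # revoked, expired, invalid, disabled


def audit_secret_listing(colon_output):
    """Return one dict per sec/ssb record with its secret-key state."""
    report = []
    for line in colon_output.splitlines():
        f = line.split(":")
        if f[0] not in ("sec", "ssb"):
            continue
        f += [""] * (15 - len(f))      # pad short records
        token = f[14]                  # field 15: '#', '+', or a card serial
        if token == "#":
            secret = "stub"            # public part only, secret missing
        elif token == "+":
            secret = "present"
        elif token:
            secret = "on-card"
        else:
            secret = "unknown"
        report.append({
            "type": f[0],
            "keyid": f[4],
            "validity": f[1],
            "caps": f[11],             # lowercase letters: this key's own usage
            "secret": secret,
        })
    return report


def usable_decryption_keys(colon_output):
    """Key IDs that can decrypt: 'e' capability, secret available, still valid."""
    return [
        r["keyid"] for r in audit_secret_listing(colon_output)
        if "e" in r["caps"]
        and r["secret"] in ("present", "on-card")
        and r["validity"] not in UNUSABLE
    ]


if __name__ == "__main__":
    for rec in audit_secret_listing(SAMPLE):
        print(rec["type"], rec["keyid"], rec["caps"], rec["validity"], rec["secret"])
    print("can decrypt with:", usable_decryption_keys(SAMPLE))
```

Running the check on the new machine right after import, and before deleting the old keyring, catches a missing secret subkey while the original is still recoverable.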