Hello, I'm having trouble creating a subkey-chain to import on a machine that I don't want carrying the master key.
Following the Debian subkeys-guide[1] I come pretty far but not all the way (though I can successfully follow it through if I generate a new keypair for testing) The problem I experience is when importing back the 'pubkeys' and 'subkeys' files (see Debian guide): """ $ LANG=C gpg --no-use-agent --allow-secret-key-import --import pubkeys subkeys gpg: key B52E9B31: "Mikael "MMN-o" Nordfeldth <m...@hethane.se>" not changed gpg: key B52E9B31: no user ID gpg: Total number processed: 2 gpg: unchanged: 1 gpg: secret keys read: 1 """ After this I cannot do 'gpg -K' (list secret keys). It gives me no output. Even though I have a "secret keys read" status of 1. I get the same result when importing this stuff to a brand new .gnupg config dir. That "no user ID" message seems to be what is the difference between a working import and non working import. And I find it odd that the "key B52E9B31" appears twice - the first time seeming to be correct, the second time giving the error "no user ID". Using minimum amounts of arguments (only --import) gives the same result. Also, I've tried getting this to work with both 'gpg' and 'gpg2' on various machines (generally I've run on latest updates of Debian 7 and some Ubuntu). Unfortunately I do not remember which version of gpg I originally generated my key on, but the creation date is Dec 8 2011, reasonably the 1.x branch. My workaround so far has been to rename the 'subkeys' file to replace 'secring.gpg'. It works, but afaik it's not recommended due to possible binary differences between gpg versions. Things I don't know may be related, but might: * I have multiple IDs with the same email address, m...@hethane.se (of which I've revoked the "wrong" ones). (but problem remains even if I remove these before export) * I have quotes in the realname (but on my freshly generated test export/imports, that hasn't caused a problem) Here's a list of other users seeming to have the same, pretty uncommon, error message (dating back to 2001): http://www.gossamer-threads.com/lists/gnupg/users/5880 http://www.gossamer-threads.com/lists/gnupg/users/40969 Anyone got ideas if I have somehow corrupted keys so they cannot be imported properly (with --import), or whether I do not apply good practice with my UIDs or something? Thanks for any suggestions on how to get importing my subkeys without the main key to work. [1]. https://wiki.debian.org/Subkeys?action=show&redirect=subkeys -- Mikael "MMN-o" Nordfeldth XMPP/mail: m...@hethane.se http://blog.mmn-o.se/
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users