Re: Unable to import Private Key
On 12/26/2016 06:52 PM, Guy Wyers wrote: - Can I somehow recover from this? I guess that, at least theoretically, the public should be "derivable" from the private key? The problem here is not that you are missing the public key (the public key *is* derivable from the private key, and GnuPG would automatically extract the public key upon importing the private key). The problem is that you are missing the secret *primary* key to which this secret subkey should be attached. If you do not have a backup of that primary key, I am not sure you will be able to recover. At least with GnuPG 2.1, it should be possible to re-attach the subkey to a new primary key (because GnuPG 2.1 allows to "create" a key from a pre-existing key if you know its keygrip), *but* the newly re-attached key would still have a different key creation time and thus a different key ID... meaning that it could not be used to decrypt messages encrypted to the original key. - How did I end up with this truncated export? As far as I remember -even if it was long long time ago- I followed the standard instructions for "storing my private key in a safe place".M As far as I know, the only way to export a subkey only is to explicitly specify that subkey by its key ID with an appended '!', as in the following example: $ gpg2 --output backup.gpg --export-secret-keys '0xDECAFBAD!' Otherwise, GnuPG will always export the primary key and all its subkeys. What are those "standard instructions" you are referring to? If you were instructed to backup only your secret subkey instead of your entire private keyring, I am afraid you have been badly misled. signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Unable to import Private Key
That's what I feared looking at the output. Now, I have two questions: - Can I somehow recover from this? I guess that, at least theoretically, the public should be "derivable" from the private key? - How did I end up with this truncated export? As far as I remember -even if it was long long time ago- I followed the standard instructions for "storing my private key in a safe place". Guy Wyers On Mon, Dec 26, 2016 at 5:25 PM, Damien Goutte-Gattat < dgouttegat...@incenp.org> wrote: > On 12/26/2016 10:34 AM, Guy Wyers wrote: > >> Here is the output I get with the -vv option: >> > > Your file seems to contain only a private *sub* key. I don't think GnuPG > can import such a file (I've just tested with a similar file on my system > with GnuPG 2.1.17, I got a similar result). > > > ___ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > > ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Unable to import Private Key
On 12/26/2016 10:34 AM, Guy Wyers wrote: Here is the output I get with the -vv option: Your file seems to contain only a private *sub* key. I don't think GnuPG can import such a file (I've just tested with a similar file on my system with GnuPG 2.1.17, I got a similar result). signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Unable to import Private Key
Here is the output I get with the -vv option: gpg: armor: BEGIN PGP PRIVATE KEY BLOCK gpg: armor header: Version: GnuPG v2 # off=0 ctb=9d tag=7 hlen=3 plen=966 :secret sub key packet: version 4, algo 1, created 1481270099, expires 0 pkey[0]: [2048 bits] pkey[1]: [17 bits] iter+salt S2K, algo: 7, SHA1 protection, hash: 2, salt: B7A9DC9B5F3CF65E protect count: 2883584 (182) protect IV: 9f aa 8f 73 4b 73 60 8c 9c a3 0c 57 a8 78 d7 cc skey[2]: [v4 protected] keyid: F46485A39A95FE89 # off=969 ctb=89 tag=2 hlen=3 plen=287 :signature packet: algo 1, keyid B1E1E404A5BBB5FB version 4, created 1481270099, md5len 0, sigclass 0x18 digest algo 8, begin of digest 3b fa hashed subpkt 2 len 4 (sig created 2016-12-09) hashed subpkt 27 len 1 (key flags: 0C) subpkt 16 len 8 (issuer key ID B1E1E404A5BBB5FB) data: [2048 bits] gpg: Total number processed: 0 Guy Wyers On Sun, Dec 25, 2016 at 9:22 PM, Robert J. Hansen wrote: > > Any ideas? > > Try verbose mode. > > gpg -v --import keyfile.asc > > If that doesn't give you enough information, try ultra-verbose mode: > > gpg -vv --import keyfile.asc > > > ___ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users