Page MenuHome GnuPG

private main and subkeys spread over several keyrings
Closed, ResolvedPublic

Description

see http://lists.gnupg.org/pipermail/gnupg-devel/2010-June/025611.html

If the private main key and the private subkeys are kept in different keyrings
(e.g. as protection by taking the main key offline when not needed which is most
of the time) then --list-secret-key shows the private main key but signing other
keys (--edit-key sign) does not work if the main key is not contained in the
first keyring.

gpg --secret-keyring secring2.gpg --edit-key 297AB799

does not work if the private main key is located at secring2.gpg but

gpg --no-default-keyring --secret-keyring secring2.gpg --secret-keyring
secring.gpg --edit-key 297AB799

does work. If a subkey is needed this problem does not occur. Decryption works
with both keyring orders.

Details

Version
2.0.15

Event Timeline

werner added a subscriber: werner.

We have no way to merge secret keys. Thus fixing this would be very hard.
There are a couple of other problems related to this and we won't fix them either.

GnuPG 2.1 dropped all the secring gpg stuff and keeps the secret parts of a key
a a central location. Thus there is no more ned for this. 2.1 is work in
progress, though.

werner claimed this task.