The public part of a R4096(S)-Subkey is skipped when its primary key together
with further subkeys is imported from an ASCII-armored PGP PRIVATE KEY BLOCK
For the purpose of reproduction and further testing I attached the
"0x7526FBF74D4020B6_pwd=foo.sec.asc.txt" file to this issue.
This file contains the secret key material with 1 primary and 3 subkeys (R4096;
C,S,E,A). The passphrase is "foo".
When you change the expiry date of the R4096(A) subkey (key 3, expire,
e.g. 1, save), export the secret key in ASCII armored format (gpg
--armor --output 0x7526FBF74D4020B6.sec.asc.txt --export-secret-keys
0x7526FBF74D4020B6), purge it (gpg --delete-secret-and-public-keys
0x7526FBF74D4020B6) and re-import it (gpg --import
0x7526FBF74D4020B6.sec.asc.txt) the sign-only sub-RSA key is not
listed in the pubring.gpg file anymore but still in the secring.gpg
I observed this behavior with gpg Version 1.4.13 and 2.0.19.
If you make gpg's output more verbose with e.g. "gpg -v --status-fd 1 --import
missing_subkey.after.sec.asc" you get:
gpg: Schlüssel 0x4D4020B6: Ungültige Unterschlüssel-Anbindung
gpg: Schlüssel 0x4D4020B6: Unterschlüssel übersprungen
Sorry for the output in German. It says something similar to:
gpg: Schlüssel 0x4D4020B6: Invalid Subkey-Connection
gpg: Schlüssel 0x4D4020B6: Subkey skipped