I'm using relatively short-lived subkeys that I change expiration of once in a
while. Apparently, doing this damages your subkey secret keyring.
This came up when testing OpenPGP keychain, see my bug report:
which refers to another bug of theirs:
which says that GnuPG 2.1 fixes this. That's good. However, I just tested it
in GnuPG 1.4.18 and 2.0.26 and it does not work. I don't have GnuPG 2.1 on that
machine, so I couldn't confirm that it is fixed in 2.1. This is a request to
fix it in 1.4 and 2.0 if doing so is feasible.
The recipe to reproduce this is simple but a bit time-consuming:
- Create a key with some subkeys.
- Display it with gpg --export-secret-keys DEADBEEF | gpg --list-packets
- Change expiration date of the subkeys.
- Again display it.
Compare the outputs and note that the keyflags of the signature subkey has
changed from 02 to 20 and that the signature is gone.