Page MenuHome GnuPG

Didn't import additional new subkey
Closed, ResolvedPublic

Description

Release: 1.2.1

Environment

Windows 2000 Pro, Windows XP Home Edition

Description

I added a new subkey to a secret key on one computer. I then exported the secret key and transfered the file to a second computer. There, I tried to import the key, but the new subkey was not recognized.

How To Repeat

I apologize, the exact commands are lost to me, but here is roughly the sequence I used:

  1. I had a DSA/ELG key-pair with an expired subkey (actually two expired subkeys). I used WinPT 0.7.96 to add a new ELG subkey
  2. I exported the secret key in ascii
  3. I imported the exported key into PGP 7.0 without trouble
  4. I tried to import into GPG (a second installation) using WinPT, but no key was imported. (The secret key pre-existed, including the expired subkey, but excepting the new subkey.)
  5. I used gpg in DOS command-line mode, and it did not import the key. It reported, correctly, that the main key already existed, but did not recognize that there was a new subkey.
  6. I deleted the secret key from my gpg keyring, and reimported it from the file. It imported the key with the expired subkey, but not the new subkey.
  7. As a last resort, I exported the key again (still in ascii), this time from PGP. To my surprise, when I imported this to gpg, the new subkey was recognized.

Fix

Import and re-export the key from PGP. Then it can be successfully imported by GPG.

Event Timeline

GnuPG does not let you merge secret keys - if you want to
import a new secret subkey onto an existing secret key, you
must delete the existing secret key first.