Page MenuHome GnuPG
Create Task
Maniphest T3447

delkey removes only public part of a subkey
Open, WishlistPublic
Actions

Description

Subkey removed by 'delkey' command in interactive mode (gpg --edit-key) could be fully recovered by importing only it's public part - thus I suppose that the 'delkey' command removes only its public part and make the private part completely invisible but still present.

Steps to reproduce:
Machine one (with all the subkeys, including secret part of the master key)

gpg --export-secret-subkeys MY_SUB_NUM! > my_sub_key.asc
gpg --export > all_the_keys.asc

Machine two (with freshly installed gpg v 2.1.2, no keys present)

gpg --import all_the_keys.asc
gpg --import my_sub_key.asc
gpg --edit-key MY_KEY
        > key NUMBER_OF_MY_SUBKEY
        > delkey
        > save
gpg --import all_the_keys.asc

After these steps, i would expect to have only public part of MY_SUB_NUM, but I have both and I'm fully capable of signing etc.. There is no '#' after 'ssb' in the output of gpg --liste-secret-keys. If it is intentional behaviour of 'delkey' command I would expect it to be written in the doc at least..

Details

Version
2.2.1

Related Objects

Event Timeline

prudemar created this task.Oct 13 2017, 11:19 AM
prudemar updated the task description. (Show Details)
prudemar updated the task description. (Show Details)
prudemar added projects: gnupg, Debian.Oct 13 2017, 11:25 AM
prudemar updated the task description. (Show Details)Oct 13 2017, 12:10 PM
prudemar updated the task description. (Show Details)Oct 13 2017, 12:36 PM
werner removed a project: Bug Report.Oct 13 2017, 2:34 PM
werner added a subscriber: werner.

That is intended.

prudemar added a comment.Oct 13 2017, 2:44 PM

OK, sorry. Forgive me to ask here.. but is there a way how to remove both - the public and the private part? - and only of a specific subkey?

werner added a comment.Oct 14 2017, 12:29 PM

Sure: --delete-secret-and-public-key FINGERPRINT

werner added a comment.Oct 14 2017, 12:30 PM

Ooops. you meant a subkey - let me check...

werner added a comment.Oct 14 2017, 12:34 PM

No direct way. You can do this:

gpg --with-keygrip -k KEY

then copy the keygrip for the subkey you want to delete and run

gpg-connect-agent 'DELETE_KEY --force SUBKEYS_KEYGRIP' /bye
werner triaged this task as Wishlist priority.Oct 14 2017, 12:35 PM

We need a way to delete a secret subkey.

matheusmoreira added a subscriber: matheusmoreira.May 9 2019, 9:58 PM
matheusmoreira mentioned this in T4457: Improve deletion of secret subkeys (don't delete primary key when subkey deletion is requested).May 9 2019, 10:12 PM