
delkey removes only public part of a subkey
Open, Wishlist, Public


Subkey removed by 'delkey' command in interactive mode (gpg --edit-key) could be fully recovered by importing only its public part - thus I suppose that the 'delkey' command removes only its public part and makes the private part completely invisible but still present.

Steps to reproduce:
Machine one (with all the subkeys, including secret part of the master key)

gpg --export-secret-subkeys MY_SUB_NUM! > my_sub_key.asc
gpg --export > all_the_keys.asc

Machine two (with freshly installed gpg v 2.1.2, no keys present)

gpg --import all_the_keys.asc
gpg --import my_sub_key.asc
gpg --edit-key MY_KEY
        > key NUMBER_OF_MY_SUBKEY
        > delkey
        > save
gpg --import all_the_keys.asc

After these steps, I would expect to have only the public part of MY_SUB_NUM, but I have both and I'm fully capable of signing etc. There is no '#' after 'ssb' in the output of gpg --list-secret-keys. If it is intentional behaviour of the 'delkey' command, I would expect it to be written in the doc at least.



Event Timeline

prudemar updated the task description.
werner added a subscriber: werner.

That is intended.

OK, sorry. Forgive me for asking here, but is there a way to remove both - the public and the private part? - and only of a specific subkey?

Sure: --delete-secret-and-public-key FINGERPRINT

Oops, you meant a subkey - let me check...

No direct way. You can do this:

gpg --with-keygrip -k KEY

then copy the keygrip for the subkey you want to delete and run

gpg-connect-agent 'DELETE_KEY --force SUBKEYS_KEYGRIP' /bye

werner triaged this task as Wishlist priority. Oct 14 2017, 12:35 PM

We need a way to delete a secret subkey.
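
The keygrip workaround from the thread above, as an added shell example that is not part of the thread or of GnuPG itself: it picks the keygrip of one subkey out of a colon-format listing, refuses the primary key, and hands only a well-formed keygrip to the agent. The function names (sample_colons, subkey_keygrip, delete_secret_subkey) are hypothetical, the sample listing is constructed, and it assumes `gpg --with-colons --with-keygrip` prints a `grp` record after each key's `fpr` record.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed.

# Constructed `gpg --with-colons --with-keygrip -k KEY` output (fake values).
sample_colons() {
cat <<'EOF'
pub:u:255:22:1111111111111111:1500000000:::u:::scSC:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA1111111111111111:
grp:::::::::1111111111111111111111111111111111111111:
uid:u::::1500000000::0000::Example User <user@example.org>:
sub:u:255:18:2222222222222222:1500000000::::::e:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBB2222222222222222:
grp:::::::::2222222222222222222222222222222222222222:
sub:u:255:22:3333333333333333:1500000000::::::s:
fpr:::::::::CCCCCCCCCCCCCCCCCCCCCCCC3333333333333333:
grp:::::::::3333333333333333333333333333333333333333:
EOF
}

# Read a colon listing on stdin; print the keygrip of the subkey whose long
# key ID or fingerprint is $1. Fails for unknown IDs and for the primary key.
subkey_keygrip() {
    want=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    awk -F: -v want="$want" '
        $1 ~ /^(pub|sec|sub|ssb)$/ { hit = 0; is_sub = ($1 ~ /^s[us]b$/) }
        is_sub && $1 ~ /^s[us]b$/ && toupper($5) == want { hit = 1 }
        is_sub && $1 == "fpr" && toupper($10) == want { hit = 1 }
        hit && $1 == "grp" { print $10; found = 1; exit }
        END { exit (found ? 0 : 1) }
    '
}

# Usage: delete_secret_subkey KEY SUBKEY_ID  (talks to the running gpg-agent)
delete_secret_subkey() {
    grip=$(gpg --with-colons --with-keygrip -k "$1" | subkey_keygrip "$2") || {
        echo "no subkey $2 under key $1" >&2; return 1; }
    # Only pass a well-formed keygrip (40 hex digits) on to the agent.
    case $grip in *[!0-9A-F]*) return 1 ;; esac
    [ "${#grip}" -eq 40 ] || return 1
    gpg-connect-agent "DELETE_KEY --force $grip" /bye
}
```

After a successful deletion, gpg --list-secret-keys marks that subkey with '#' after 'ssb', the state the report expected from 'delkey'.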