delkey removes only public part of a subkey
Open, Wishlist, Public

Description

Subkey removed by 'delkey' command in interactive mode (gpg --edit-key) could be fully recovered by importing only its public part - thus I suppose that the 'delkey' command removes only its public part and makes the private part completely invisible but still present.

Steps to reproduce:
Machine one (with all the subkeys, including secret part of the master key)

gpg --export-secret-subkeys MY_SUB_NUM! > my_sub_key.asc
gpg --export > all_the_keys.asc

Machine two (with freshly installed gpg v 2.1.2, no keys present)

gpg --import all_the_keys.asc
gpg --import my_sub_key.asc
gpg --edit-key MY_KEY
        > key NUMBER_OF_MY_SUBKEY
        > delkey
        > save
gpg --import all_the_keys.asc

After these steps, I would expect to have only the public part of MY_SUB_NUM, but I have both and I'm fully capable of signing etc. There is no '#' after 'ssb' in the output of gpg --list-secret-keys. If it is intentional behaviour of the 'delkey' command I would expect it to be written in the doc at least.

Details

Version
2.2.1
prudemar updated the task description. Oct 13 2017, 12:10 PM
prudemar updated the task description. Oct 13 2017, 12:36 PM
werner added a subscriber: werner.

That is intended.

OK, sorry. Forgive me for asking here... but is there a way to remove both - the public and the private part? - and only of a specific subkey?

Sure: --delete-secret-and-public-key FINGERPRINT

Oops, you meant a subkey - let me check...

No direct way. You can do this:

gpg --with-keygrip -k KEY

then copy the keygrip for the subkey you want to delete and run

gpg-connect-agent 'DELETE_KEY --force SUBKEYS_KEYGRIP' /bye
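
One way to script the two steps in the comment above, as an added example that is not part of the thread or of GnuPG. It assumes gpg's --with-colons listing (key ID in field 5 of pub/sub records, fingerprint and keygrip in field 10 of fpr/grp records); the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Resolve the keygrip of ONE subkey from machine-readable gpg output, then
# print the agent command from the thread for review (nothing is executed).
# Live input would come from: gpg --with-colons --with-keygrip -k KEY

# Constructed sample listing; key IDs, fingerprints and keygrips are made up.
sample_listing() {
cat <<'EOF'
pub:u:4096:1:AAAAAAAAAAAAAAAA:1500000000:::u:::cSC::::::23::0:
fpr:::::::::1111111111111111111111111111AAAAAAAAAAAAAAAA:
grp:::::::::A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1:
uid:u::::1500000000::0000000000000000000000000000000000000000::Test User <test@example.invalid>::::::::::0:
sub:u:4096:1:BBBBBBBBBBBBBBBB:1500000000::::::s::::::23:
fpr:::::::::2222222222222222222222222222BBBBBBBBBBBBBBBB:
grp:::::::::B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2:
sub:u:4096:1:CCCCCCCCCCCCCCCC:1500000000::::::e::::::23:
fpr:::::::::3333333333333333333333333333CCCCCCCCCCCCCCCC:
grp:::::::::C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3:
EOF
}

# $1 = subkey fingerprint or long key ID; listing on stdin.
# Exit 0 and print the keygrip, 1 if not found, 2 if $1 names the primary key.
subkey_keygrip() {
    awk -F: -v want="$1" '
        BEGIN { want = toupper(want); rc = 1 }
        $1 == "pub" || $1 == "sub" { kind = $1; hit = (toupper($5) == want) }
        $1 == "fpr" && toupper($10) == want { hit = 1 }
        $1 == "grp" && hit {
            if (kind == "pub") { rc = 2; exit }  # never touch the primary key
            print $10; rc = 0; exit
        }
        END { exit rc }
    '
}

# $1 = keygrip; accepts only 40 hex characters so nothing else reaches the agent.
agent_delete_command() {
    case "$1" in
        ""|*[!0-9A-Fa-f]*) return 1 ;;
    esac
    [ "${#1}" -eq 40 ] || return 1
    printf "gpg-connect-agent 'DELETE_KEY --force %s' /bye\n" "$1"
}

grip=$(sample_listing | subkey_keygrip 2222222222222222222222222222BBBBBBBBBBBBBBBB) &&
    agent_delete_command "$grip"
```

After running the printed command against a real keyring, gpg --list-secret-keys should show '#' after 'ssb' for that subkey, the marker the report expected to see.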
werner triaged this task as Wishlist priority. Oct 14 2017, 12:35 PM

We need a way to delete a secret subkey.