private subkeys are never deleted on non-master instances
Closed, InvalidPublic


I am interested to set up a high-security key of the type recommended by many people. Namely, to set up an offline 'master' key for certification only, and only export subkeys to my work machine. However, I noticed that there is no natural way to delete the private keys on the work machine, after they are imported. Even using '--delete-secret-and-public-key', which one presumes should nuke everything, actually leaves behind the private key without warning the user.

Steps to reproduce (I am using 2.1.15 on Ubuntu):

<generate key on offline machine>
gpg --export-secret-subkeys XXX > child.gpg

<import child.gpg on work machine>
ls -l .gnupg/private-keys-v1.d/
<observe recently created file corresponding to the subkey>
gpg --delete-secret-and-public-key XXX
ls -l .gnupg/private-keys-v1.d/
<observe that the subkey file is still there!!>


werner added a subscriber: werner.Feb 6 2018, 6:30 PM

2.1.15 is a pretty old version. Please help us and try to replicate this with a 2.2 version and also give a log of the --delete-secret-and-public-key and --list-secret-key commands.

werner triaged this task as Low priority.
werner closed this task as Invalid.Nov 5 2018, 10:12 AM

No info received.