Page MenuHome GnuPG

Add documentation to gpgsm how to delete a secret key.
Closed, ResolvedPublic


Checking Revision 4847, there is no explanation how
to delete a secret key for gpgsm.

It is true that this is rarely used operation, but there are real use cases.
Just today I had a user that somehow made a mistake while importing
a secret key and now did not have the password anymore.
Even when he had the .p12 to import the secret key again, he could not
change or set a new password. So during the import attempt I saw
the file name in ~/.gnupg/private-keys-v1.d/ and manually deleted the file.
Now a reimport worked and the new password was set.

I suggest to put a short explanation in the documentation
why there is no explicit --delete-secret-keys command
and how to do it manually in the rare cases this must be done.



Related Objects

Event Timeline

bernhard set Version to 2.0.9.
bernhard added projects: S/MIME, gnupg.
bernhard added subscribers: marcus, bernhard, werner.

Okay, I change the man page to read:

`--delete-keys PATTERN'

Delete the keys matching PATTERN.  Note that there is no command
to delete the secret part of the key directly.  In case you need
to do this, you should run the command `gpg --dump-secret-keys
KEYID' before you delete the key, copy the string of hex-digits in
the "keygrip" line and delete the file consisting of these
hex-digits and the suffix `.key' from the `private-keys-v1.d'
directory below our GnuPG home directory (usually `~/.gnupg').
bernhard removed a project: Restricted Project.

Checking the text from T960 (wk on Oct 13 2008, 10:45 AM / Roundup):
I think the text is a significant improvement.

There is a typo, though, it must be
'gpgsm --dump-secret-keys KEYID" and _not_ "gpg".

(Closable directly, after the typo is fixed.)