Change Details

``` $ tpm2_testparms rsa2048 $ gpg --edit-key 6ED87427C830FB1D06AF5383700CBA7FFF688DBF gpg (GnuPG) 2.4.3; Copyright (C) 2023 g10 Code GmbH This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Secret key is available. gpg: checking the trustdb gpg: marginals needed: 3 completes needed: 1 trust model: pgp gpg: depth: 0 valid: 5 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 5u gpg: next trustdb check due at 2026-08-06 sec rsa2048/700CBA7FFF688DBF created: 2023-08-08 expires: 2026-08-07 usage: SC trust: ultimate validity: ultimate [ultimate] (1). Test Test4 <test@test.com> gpg> keytotpm Really move the primary key? (y/N) y sec rsa2048/700CBA7FFF688DBF created: 2023-08-08 expires: 2026-08-07 usage: SC trust: ultimate validity: ultimate [ultimate] (1). Test Test4 <test@test.com> gpg> save Key not changed so no update needed. ``` Was asked for the secret key passphrase and TPM authorization passphrase (twice). No shadowed private key file is created and no error is reported. Using gpg 2.4.3 on Arch Linux.

``` $ tpm2_testparms rsa2048 $ gpg --edit-key 6ED87427C830FB1D06AF5383700CBA7FFF688DBF gpg (GnuPG) 2.4.3; Copyright (C) 2023 g10 Code GmbH This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Secret key is available. gpg: checking the trustdb gpg: marginals needed: 3 completes needed: 1 trust model: pgp gpg: depth: 0 valid: 5 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 5u gpg: next trustdb check due at 2026-08-06 sec rsa2048/700CBA7FFF688DBF created: 2023-08-08 expires: 2026-08-07 usage: SC trust: ultimate validity: ultimate [ultimate] (1). Test Test4 <test@test.com> gpg> keytotpm Really move the primary key? (y/N) y sec rsa2048/700CBA7FFF688DBF created: 2023-08-08 expires: 2026-08-07 usage: SC trust: ultimate validity: ultimate [ultimate] (1). Test Test4 <test@test.com> gpg> save Key not changed so no update needed. ``` Was asked for the secret key passphrase and TPM authorization passphrase (twice). No shadowed private key file is created and no error is reported. Tested with gpg 2.4.3 on Arch Linux and Fedora 39 on two machines.

``` $ tpm2_testparms rsa2048 $ gpg --edit-key 6ED87427C830FB1D06AF5383700CBA7FFF688DBF gpg (GnuPG) 2.4.3; Copyright (C) 2023 g10 Code GmbH This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Secret key is available. gpg: checking the trustdb gpg: marginals needed: 3 completes needed: 1 trust model: pgp gpg: depth: 0 valid: 5 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 5u gpg: next trustdb check due at 2026-08-06 sec rsa2048/700CBA7FFF688DBF created: 2023-08-08 expires: 2026-08-07 usage: SC trust: ultimate validity: ultimate [ultimate] (1). Test Test4 <test@test.com> gpg> keytotpm Really move the primary key? (y/N) y sec rsa2048/700CBA7FFF688DBF created: 2023-08-08 expires: 2026-08-07 usage: SC trust: ultimate validity: ultimate [ultimate] (1). Test Test4 <test@test.com> gpg> save Key not changed so no update needed. ``` Was asked for the secret key passphrase and TPM authorization passphrase (twice). No shadowed private key file is created and no error is reported. UsingTested with gpg 2.4.3 on Arch Linux and Fedora 39 on two machines.