On Mar 1, 2010, at 4:11 PM, Phillip Susi wrote:

> On 3/1/2010 3:37 PM, David Shaw wrote:
>>> This does the trick, but I still do not understand why
>>> --delete-secret-key removes BOTH the primary and subkey secrets
>>> when I specifically gave only the ID of the subkey? Shouldn't it
>>> remove exactly what I say and no more?
>>
>> It has to do with how keys are specified. In GnuPG, you can specify
>> a key in a number of ways - by name, by (any) fingerprint, and by
>> (any) key ID. So if you have a key named "foobar", and the key ID is
>> AAAAAAAA and the subkey ID is BBBBBBBB, you could refer to that key
>> with any of "foobar", "AAAAAAAA", or "BBBBBBBB". When you say
>> "--delete-secret-key BBBBBBB", you're actually saying delete the
>> whole key.
>
>
> Can this be overridden? I thought that is what the ! suffix was for,
> but it still deletes the whole thing.

Not for deletion. There is no way to delete a primary key "in place" while leaving the subkeys intact. Such an ability is very dangerous since if you delete that primary key without a backup, you'll never be able to make more subkeys, issue a revocation certificate, or sign someone else's key.

The current design effectively forces people to manually move the valuable primary key out of the way before clobbering it with the subkey-only copy of the key.

David
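
Added example, not part of the original message or of GnuPG: a pre-deletion check that shows which whole key a spec (name, key ID or subkey ID, with or without `!`) resolves to and whether the primary secret is still present in that keyring. The function names and the sample listing are constructed; the field positions follow GnuPG's colon listing format, and the `#` stub marker in field 15 is assumed to be emitted by the GnuPG version in use.

```shell
#!/bin/sh
# Constructed, simplified sample of `gpg --list-secret-keys --with-colons`.
# Field 5 = key ID, field 10 = user ID, field 15 = "#" when the secret part
# is only a stub (assumed marker, see GnuPG's doc/DETAILS).
sample_listing() {
cat <<'EOF'
sec:u:2048:1:AAAAAAAAAAAAAAAA:1267401600:::u:::scESC:::+:
uid:u::::1267401600::0000000000000000000000000000000000000000::foobar (constructed):
ssb:u:2048:1:BBBBBBBBBBBBBBBB:1267401600::::::e:::+:
sec:u:2048:1:CCCCCCCCCCCCCCCC:1267401600:::u:::scESC:::#:
uid:u::::1267401600::1111111111111111111111111111111111111111::barbaz (constructed):
ssb:u:2048:1:DDDDDDDDDDDDDDDD:1267401600::::::e:::+:
EOF
}

# resolve_spec SPEC  (colon listing on stdin)
# Prints one line per matching key block:
#   <primary key ID> secret=<present|stub> matched=<primary|subkey|uid>
# A name, the primary key ID and any subkey ID all select the same block.
resolve_spec() {
    awk -F: -v spec="${1%!}" '
        function emit() {
            if (primary != "" && hit != "")
                printf "%s secret=%s matched=%s\n", primary, state, hit
        }
        # True when spec is a (short or long) suffix of the key ID.
        function idmatch(id) {
            return length(spec) <= length(id) &&
                toupper(substr(id, length(id) - length(spec) + 1)) == toupper(spec)
        }
        $1 == "sec" {
            emit(); primary = $5; hit = ""
            state = ($15 == "#") ? "stub" : "present"
            if (idmatch($5)) hit = "primary"
        }
        $1 == "ssb" && hit == "" && idmatch($5) { hit = "subkey" }
        $1 == "uid" && hit == "" && index(tolower($10), tolower(spec)) { hit = "uid" }
        END { emit() }
    '
}

# Succeeds when deleting by SPEC would take a live primary secret with it,
# i.e. a backup of the primary key should exist before going further.
primary_at_risk() {
    resolve_spec "$1" | grep -q ' secret=present '
}

sample_listing | resolve_spec 'BBBBBBBB!'
```

Against a real keyring, pipe `gpg --list-secret-keys --with-colons` into `resolve_spec` in place of `sample_listing`.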