On 12/26/2016 06:52 PM, Guy Wyers wrote:
- Can I somehow recover from this? I guess that, at least theoretically,
the public should be "derivable" from the private key?

The problem here is not that you are missing the public key (the public key *is* derivable from the private key, and GnuPG would automatically extract the public key upon importing the private key).

The problem is that you are missing the secret *primary* key to which this secret subkey should be attached.

If you do not have a backup of that primary key, I am not sure you will be able to recover.

At least with GnuPG 2.1, it should be possible to re-attach the subkey to a new primary key (because GnuPG 2.1 allows you to "create" a key from a pre-existing key if you know its keygrip), *but* the newly re-attached key would still have a different key creation time and thus a different key ID... meaning that it could not be used to decrypt messages encrypted to the original key.


- How did I end up with this truncated export? As far as I remember -even
if it was long long time ago- I followed the standard instructions for
"storing my private key in a safe place".

As far as I know, the only way to export a subkey only is to explicitly specify that subkey by its key ID with an appended '!', as in the following example:

   $ gpg2 --output backup.gpg --export-secret-keys '0xDECAFBAD!'

Otherwise, GnuPG will always export the primary key and all its subkeys.

What are those "standard instructions" you are referring to? If you were instructed to back up only your secret subkey instead of your entire private keyring, I am afraid you have been badly misled.


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
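
An added illustration, not part of the original message, of why a re-attached subkey ends up with a different key ID: for version 4 keys, RFC 4880 (section 12.2) computes the fingerprint over the public key packet body, which includes the creation time, and the key ID is the low 64 bits of that fingerprint. The toy RSA numbers and both timestamps are constructed for the example, and the v4 key format is assumed.

```python
import hashlib
import struct


def mpi(n: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: 2-byte bit count, then big-endian bytes."""
    bits = n.bit_length()
    return struct.pack(">H", bits) + n.to_bytes((bits + 7) // 8, "big")


def v4_fingerprint(created: int, algo: int, key_material: bytes) -> bytes:
    """SHA-1 over 0x99, a 2-byte body length, and the v4 public key packet body."""
    body = bytes([4]) + struct.pack(">I", created) + bytes([algo]) + key_material
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).digest()


def key_id(fingerprint: bytes) -> str:
    """The 64-bit key ID is the last 8 bytes of the v4 fingerprint."""
    return fingerprint[-8:].hex().upper()


# Constructed toy RSA public key (n = 61 * 53, e = 17); far too small for real use.
TOY_RSA = mpi(3233) + mpi(17)
RSA_ALGO = 1  # public-key algorithm ID for RSA (encrypt or sign)

# Constructed timestamps: original creation vs. the moment of re-attachment.
ORIGINAL_CREATED = 1262304000    # 2010-01-01 00:00:00 UTC
REATTACHED_CREATED = 1482778320  # 2016-12-26 18:52:00 UTC


def compare_key_ids() -> tuple:
    """Same key material, two creation times: return both resulting key IDs."""
    original = key_id(v4_fingerprint(ORIGINAL_CREATED, RSA_ALGO, TOY_RSA))
    reattached = key_id(v4_fingerprint(REATTACHED_CREATED, RSA_ALGO, TOY_RSA))
    return original, reattached


if __name__ == "__main__":
    original, reattached = compare_key_ids()
    print("original key ID:   ", original)
    print("re-attached key ID:", reattached)
    print("same key material, same key ID?", original == reattached)
```
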
