Hi, On 10/04/17 10:46, Johannes Graumann wrote: > 2) Import offline master key (backup): > gpg --import <KEYID>.master.key
- Which version of GnuPG is this? GnuPG 1.4 will not ever update the secret part of a key, so you'll have to delete the existing copy first. Be very careful! You're deleting a copy of your secret key, make sure you know what you're doing. I believe this also went for 2.0 and only 2.1 can update secret keys, but I'm not sure and can't check from the passenger seat of the car I'm in :-D. - Note that you are negating a large part of an offline master key by bringing it online. Usually, you'd use a different computer to do master key operations on, a computer that doesn't have an internet connection. If you're worried about your computer being hacked, note it usually won't suddenly automatically become un-hacked later, it'll just stay hacked until reinstalled. But there is no single correct answer to this. > 3) Edit expiry of subkeys (pubkey): > gpg --expert --edit-key <KEYID> You shouldn't need to specify --expert to extend expiries. > - toggle keys 1, 2, 3 (sign, encrypt, authentication) > - expire: 1y > - save > > 4) Remove secret master keys: > gpg --delete-secret-keys <KEYID> This has just removed all your private keys belonging to this certificate, primary *and* subkeys. > As a result the keys remain unavailable (expired?) to all means I > intent to use them with (kmail/kgpg/kleopatra, evolution/seahorse, > etc.). ... You /did/ just delete all keys :-). You'll need to restore your private key from backup, and follow the instructions you used earlier to create a subkey-only keyring. By the way, it helps if you post the output of the commands, because we can't see if they appear to have worked correctly. I mean the console ones; I wouldn't start with all the effort of taking screenshots and cropping them and uploading them to the web... HTH, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
