> I think you might be misinterpreting the result
> you say you are dealing with revoked subkeys.
> Unless you specify "--list-options show-unusable-subkeys",
> you might not see those in the keylistings even though they are there.
You're right!

> The gpg binary only deals with public keys in the keyring directly.
> Secret keys are delegated to gpg-agent, and gpg-agent works with
> keygrips only

So gpg focuses on the public key ring and public key operations while gpg-agent is responsible for the private-keys-v1.d directory. This explains why the names of the *.key files don't match the fingerprints of the keys, unlike the *.rev files: gpg-agent uses keygrips in order to refer to the private keys.

Before I found the --delete-secret-keys command, I tried to delete the subkey files manually with rm. Since their names did not match their fingerprints, I did not know which files were the right ones.

> If it would have deleted the secret part,
> I'd have expected a popup from gpg-agent asking me if I was sure about
> that. I got no popup.

I understand now. That is what happened when I accidentally deleted my original keys. I got a graphical confirmation pop-up from gpg-agent.

> delete_key 6D610FB78404E0C80954BB993E3410ED9FA463A6

Looks like this is the definitive answer. I looked up the delete_key command in the gpg-agent manual. There seems to be only one reference to it, in the description of the --allow-loopback-pinentry option. It does not seem to be listed on the page where the other commands are:

https://www.gnupg.org/documentation/manuals/gnupg/Agent-Protocol.html

Is this gpg-agent command not documented? I was able to obtain some help text for it:

$ gpg-connect-agent 'help delete_key' /bye
# DELETE_KEY [--force|--stub-only] <hexstring_with_keygrip>
#
# Delete a secret key from the key store. If --force is used
# and a loopback pinentry is allowed, the agent will not ask
# the user for confirmation. If --stub-only is used the key will
# only be deleted if it is a reference to a token.
OK

This does seem to be very useful. The --stub-only option in particular is very relevant to me, since I have subkeys on a YubiKey and would like to delete their stubs in case of loss or deletion.
> I hope this helps your understanding!

It did! I was able to truly delete the subkey following your steps. Now I have a much better understanding of how gpg works. Thank you for the detailed answer!

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
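The point the thread turns on is that gpg-agent names private keys by keygrip, not by fingerprint, so the file you want under private-keys-v1.d and the argument DELETE_KEY wants are both keygrips. The script below is an added example, not code from the mailing-list post or from the GnuPG project. It parses a constructed, abridged `gpg --with-colons --with-keygrip --list-secret-keys` listing to map a subkey fingerprint to its keygrip, reads the token serial field to decide whether the key is only a stub for a smartcard, and builds the matching `gpg-connect-agent 'DELETE_KEY ...' /bye` request, adding `--stub-only` for token stubs so a real on-disk secret key cannot be removed by the same command. It assumes the record layout from GnuPG's doc/DETAILS (field 10 of `fpr` and `grp` records, field 15 of `sec`/`ssb` records for the token serial, `+` meaning an on-disk secret key and `#` a plain stub); every fingerprint, keygrip, key ID and serial number in it is made up.

```shell
#!/bin/sh
# Added example, not from the post or from GnuPG. All key material below is constructed.

# Constructed, abridged approximation of:
#   gpg --with-colons --with-keygrip --list-secret-keys
# Only the fpr/grp records (field 10) and field 15 of sec/ssb records are used.
# The third key is a signing subkey whose secret part lives on a token, so its
# field 15 carries a (made-up) token serial instead of "+".
SAMPLE_LISTING='sec:u:4096:1:1111111111111111:1600000000:::u:::scESC:::+:::23::0:
fpr:::::::::A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0:
grp:::::::::B1B1B1B1B1B1B1B1B1B1B1B1B1B1B1B1B1B1B1B1:
uid:u::::1600000000::0000000000000000000000000000000000000000::Example User <user@example.invalid>::::::::::0:
ssb:u:4096:1:2222222222222222:1600000000::::::e:::+:::23::0:
fpr:::::::::C2C2C2C2C2C2C2C2C2C2C2C2C2C2C2C2C2C2C2C2:
grp:::::::::D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3:
ssb:u:4096:1:3333333333333333:1600000000::::::s:::D2760001240100000006000000010000:::23::0:
fpr:::::::::E4E4E4E4E4E4E4E4E4E4E4E4E4E4E4E4E4E4E4E4:
grp:::::::::F5F5F5F5F5F5F5F5F5F5F5F5F5F5F5F5F5F5F5F5:'

# keygrip_for_fpr FPR LISTING -> prints the keygrip following that fpr record, or nothing.
keygrip_for_fpr() {
    printf '%s\n' "$2" | awk -F: -v want="$1" '
        $1 == "fpr" { cur = $10; next }
        $1 == "grp" && cur == want { print $10; exit }'
}

# token_serial_for_fpr FPR LISTING -> field 15 of the sec/ssb record that owns FPR:
# "+" = secret key on disk, "#" = stub with no token, anything else = token serial.
token_serial_for_fpr() {
    printf '%s\n' "$2" | awk -F: -v want="$1" '
        $1 == "sec" || $1 == "ssb" { sn = $15; next }
        $1 == "fpr" && $10 == want { print sn; exit }'
}

# agent_key_file KEYGRIP -> the file gpg-agent keeps for that key (for a sanity check
# before deleting; gpg-agent, not gpg, owns this directory).
agent_key_file() {
    printf '%s/private-keys-v1.d/%s.key\n' "${GNUPGHOME:-$HOME/.gnupg}" "$1"
}

# delete_key_request FPR LISTING -> prints the gpg-connect-agent invocation for FPR.
# Nothing is deleted here; run the printed command yourself once the keygrip and
# agent_key_file look right. --stub-only is added only for keys held on a token.
delete_key_request() {
    grip=$(keygrip_for_fpr "$1" "$2")
    [ -n "$grip" ] || { echo "no keygrip found for fingerprint $1" >&2; return 1; }
    sn=$(token_serial_for_fpr "$1" "$2")
    case "$sn" in
        ''|'+'|'#') opt='' ;;
        *)          opt='--stub-only ' ;;
    esac
    printf "gpg-connect-agent 'DELETE_KEY %s%s' /bye\n" "$opt" "$grip"
}

# Stand-alone run: show the request for each subkey in the constructed listing.
for fpr in C2C2C2C2C2C2C2C2C2C2C2C2C2C2C2C2C2C2C2C2 E4E4E4E4E4E4E4E4E4E4E4E4E4E4E4E4E4E4E4E4; do
    delete_key_request "$fpr" "$SAMPLE_LISTING"
done
```

Against a real keyring, feed `gpg --with-colons --with-keygrip --list-secret-keys` (with `--list-options show-unusable-subkeys` if the subkey is revoked) into these functions instead of `SAMPLE_LISTING`, and compare the keygrip with the *.key file name that `agent_key_file` prints before issuing the request; gpg-agent will still ask for confirmation unless `--force` is used with a loopback pinentry, as the help text in the post says.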