Hi! So, I've come across either a bug, or a somewhat unfortunate wording in the man-pages. I wanted to ask if it has been discussed before, before I spend any more effort learning man-pages' source and coming up with a patch.

I'm currently in the process of updating the expiry date on my gpg key's subkeys. So I import the backup files (noticing that there are two, one for the masterkey's secret key, and another one for the subkeys' secret keys), and decide to export them to _one_ file with `--export-secret-keys <primary key id>`.

The man pages state:

"""
--export-secret-keys
--export-secret-subkeys
    Same as --export, but exports the secret keys instead. The exported keys are written to STDOUT or to the file given with option --output. This command is often used along with the option --armor to allow for easy printing of the key for paper backup; however the external tool paperkey does a better job of creating backups on paper. Note that exporting a secret key can be a security risk if the exported keys are sent over an insecure channel.

    The second form of the command has the special property to render the secret part of the primary key useless; this is a GNU extension to OpenPGP and other implementations can not be expected to successfully import such a key. Its intended use is in generating a full key with an additional signing subkey on a dedicated machine. This command then exports the key without the primary key to the main machine.
"""

I don't see how to interpret that in any way other than that the output of `--export-secret-keys` is a superset of `--export-secret-subkeys`.

So I export to _one_ file (as mentioned above), to simplify my life before I update the expiration date, and use `keytocard`. Deciding I'd like to confirm that I've got a working backup, I repeat the process, AKA import the file I just exported before running `keytocard`, and running `keytocard` again (just intending to overwrite with a new machine-local copy). But now I get:

"""
Replace existing key? (y/N) y
gpg: KEYTOCARD failed: Unusable secret key
"""

There are several mentions of such symptoms online, but I found one particularly interesting one: https://dev.gnupg.org/T3391.

Ignoring my newly created export of the secret keys, following the instructions in the above link with the old file that _only_ had the subkeys seems to work for me.

Like I asked at the beginning of this sordid tale, anyone got any suggestions/tips/thoughts about this? I imagine this can be quite jarring and annoying for users who interpret the man-pages in the same way as I have (especially for new users who must have spent some time and effort ensuring they've got all their ducks in a row, just for this to fail here due to their understanding of the man-pages or the above bug).

--
Med vennlig hilsen/Kind regards,
Christian Chavez
Phone/Tlf: +47 922 22 603
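
The man-page passage quoted in the message above says that `--export-secret-subkeys` leaves the secret part of the primary key unusable. As an added example, not part of the original post and not GnuPG code, this Python sketch reads a binary export and reports for each secret key packet whether secret material is present or only GnuPG's stub marker. The function names and the sample bytes are constructed for illustration; only v4 RSA keys with definite packet lengths are handled.

```python
# Added example (not GnuPG code). Scope: binary (non-armored) export, v4 RSA keys.
def read_packets(data):
    """Yield (tag, body) for each OpenPGP packet (old- and new-format headers)."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if not hdr & 0x80:
            raise ValueError("not binary OpenPGP data (armored input?)")
        if hdr & 0x40:                          # new-format header
            tag, first, i = hdr & 0x3F, data[i], i + 1
            if first < 192:
                length = first
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i] + 192, i + 1
            elif first == 255:
                length, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                raise ValueError("partial body lengths not handled")
        else:                                   # old-format header
            tag, n = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
            if n == 8:
                raise ValueError("indeterminate length not handled")
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        yield tag, data[i:i + length]
        i += length

def secret_state(body):
    """Classify the secret part of a v4 RSA secret (sub)key packet body."""
    if body[0] != 4 or body[5] not in (1, 2, 3):
        raise ValueError("only v4 RSA keys handled here")
    i = 6
    for _ in range(2):                          # skip public MPIs n and e
        i += 2 + (int.from_bytes(body[i:i + 2], "big") + 7) // 8
    usage = body[i]                             # string-to-key usage octet
    # GnuPG extension: S2K specifier type 101, hash octet, "GNU", mode octet
    if usage in (254, 255) and body[i + 2] == 101 and body[i + 4:i + 7] == b"GNU":
        return {1: "gnu-dummy", 2: "card-stub"}.get(body[i + 7], "gnu-unknown")
    return "cleartext" if usage == 0 else "encrypted"

def classify_export(data):
    """Return [(kind, state)] for secret key (tag 5) and secret subkey (tag 7) packets."""
    kinds = {5: "primary", 7: "subkey"}
    return [(kinds[t], secret_state(b)) for t, b in read_packets(data) if t in kinds]

# Constructed sample, not a real key: stubbed primary plus a passphrase-protected subkey.
PUB = bytes([4, 0, 0, 0, 0, 1]) + b"\x00\x09\x01\x43" + b"\x00\x02\x03"  # toy n, e
STUB = PUB + bytes([255, 0, 101, 0]) + b"GNU\x01"
ENC = PUB + bytes([254, 9, 3, 8]) + bytes(8) + b"\x60" + bytes(20)
SAMPLE = bytes([0xC5, len(STUB)]) + STUB + bytes([0x9D, 0, len(ENC)]) + ENC
```

A "gnu-dummy" result for the primary means the file holds no primary secret key; a backup meant to cover the primary should show "encrypted" or "cleartext" there.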