TechDocs/CardHowtos/CardWithSubkeys/Talk

The following are comments taken from https://www.fsfe.org/en/card/howto/subkey_howto --Guido 09:33, 8 April 2008 (UTC)

signatures

milosz Wednesday 16 January 2008

Hello,

After importing sub.seckey and pubring.gpg my subkey (sub 1024R/keyid created: 2007-06-19 expires: never usage: S) has two signatures: sub 1024R/keyid 2007-06-19 sig! mainkeyid 2007-06-19 Milosz Galazka sig! mainkeyid 2007-06-19 Milosz Galazka

Is that ok?


Added later:

I used gpgsplit before importing sub.secring and deleted that signature so it's not importing again

setting 'default-key'

pc Saturday 17 March 2007

If you have more than one secret key and get stuck in 8 getting: $ gpg: decryption failed: secret key not available make sure that in gpg.conf you've set 'default-key' to your new keyid.

What about Windows?

alessandrobottoni Friday 15 December 2006

What about performing these operations on a Windows machine?

Yes, I know very well it's bad, very bad, but it's also 93% of the market.

Any direction?

Thanx

Making signatures or key modifications after migrating to the card

hno Tuesday 14 November 2006

To make new signatures, change identities, add/revoke subkeys etc you will need to temporarily switch back to your main key. Mount the USB key somewhere safe and use the --homedir option to GnuPG to tell it where the full key ring is. Upload the result to the key servers and then import your public key back to the normal keyring (or alternatively export it to a local file and import it again..).

If you replace any of the subkeys you will need to redo your normal secret keyring like done earlier when following this document.

It's recommended you keep two backups of your main signing key. One in the removable USB key you use while signing others keys, and one more permanently stored somewhere else. This way you can recover even if the USB key should crash while you sign someones key.

Setting trust, adding UID etc

wernerdittmann Friday 20 October 2006

After performing all steps as described it is not possible to set the trust to imported keys or to add a UID to an existing kex because the secret part of the key is missing. Is there an easy ways to do this?

Regards, Werner D.

--card-edit or --card-status?

wall_unit Saturday 12 August 2006

Because of no further commands, not even "quit" follows, I guess you meant --card-status instead of --card-edit at step 3.

No killall please

werner Friday 20 January 2006

please do not use killall - that is not a standard tool and has different semantics on other platforms (e.g. really doing what the name implies on SunOS).

TechDocs/CardHowtos/CardWithSubkeys/Talk (last edited 2016-04-08 18:39:31 by jzarl)