milosz Wednesday 16 January 2008
After importing sub.seckey and pubring.gpg my subkey (sub 1024R/keyid created: 2007-06-19 expires: never usage: S) has two signatures: sub 1024R/keyid 2007-06-19 sig! mainkeyid 2007-06-19 Milosz Galazka sig! mainkeyid 2007-06-19 Milosz Galazka
Is that ok?
I used gpgsplit before importing sub.secring and deleted that signature so it's not importing again
pc Saturday 17 March 2007
If you have more than one secret key and get stuck in 8 getting: $ gpg: decryption failed: secret key not available make sure that in gpg.conf you've set 'default-key' to your new keyid.
What about Windows?
alessandrobottoni Friday 15 December 2006
What about performing these operations on a Windows machine?
Yes, I know very well it's bad, very bad, but it's also 93% of the market.
Making signatures or key modifications after migrating to the card
hno Tuesday 14 November 2006
To make new signatures, change identities, add/revoke subkeys etc you will need to temporarily switch back to your main key. Mount the USB key somewhere safe and use the --homedir option to GnuPG to tell it where the full key ring is. Upload the result to the key servers and then import your public key back to the normal keyring (or alternatively export it to a local file and import it again..).
If you replace any of the subkeys you will need to redo your normal secret keyring like done earlier when following this document.
It's recommended you keep two backups of your main signing key. One in the removable USB key you use while signing others keys, and one more permanently stored somewhere else. This way you can recover even if the USB key should crash while you sign someones key.
Setting trust, adding UID etc
wernerdittmann Friday 20 October 2006
After performing all steps as described it is not possible to set the trust to imported keys or to add a UID to an existing kex because the secret part of the key is missing. Is there an easy ways to do this?
Regards, Werner D.
--card-edit or --card-status?
wall_unit Saturday 12 August 2006
Because of no further commands, not even "quit" follows, I guess you meant --card-status instead of --card-edit at step 3.
No killall please
werner Friday 20 January 2006
please do not use killall - that is not a standard tool and has different semantics on other platforms (e.g. really doing what the name implies on SunOS).