New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OpenPGP: Support --export-secret-subkeys (subkeys without primary key) #336
Comments
I also have run into this issue exactly as @diafygi has described. |
hi we can support this easily, I think. |
(a test key, don't send your actual secret key =) |
Here's what I get by doing this. It seems like the S2K is easy to support.
|
monkey patching the code, seems to make it work:
followed by:
so, I guess it's a small patch.. I'll try to get to it unless someone else beats me to it. |
GPG allows you to export your subkeys with with a blank primary key using the
gpg --export-secret-subkeys {key-id}
option. This is great if you want to keep your primary key air-gapped and have both a signing and encryption subkeys.Unfortunately, end-to-end raises a "Cannot get key from special locations!" error when trying to import just the subkeys.
Use case:
Reproduction steps:
gpg --gen-key
gpg --export-secret-subkeys > secret_subkeys.gpg
secret_subkeys.gpg
into the end-to-end keyring.What should happen:
When importing secret keys, blank primary keys should be skipped and still allow importing secret subkeys. That way, you can still decrypt and read messages sent to you without having to trust end-to-end with your primary secret key.
The text was updated successfully, but these errors were encountered: