Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: GnuPG: users

Attaching subkeys to a different master key

 

 

GnuPG users RSS feed   Index | Next | Previous | View Threaded


gnupg at lists

Apr 9, 2012, 3:49 AM

Post #1 of 5 (454 views)
Permalink
Attaching subkeys to a different master key

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Is there a way to detach subkeys from a master key and attach them to
a different master key? I'm guessing not, but just double checking.
The problem is, I'm using APG (Android Privacy Guard) on my phone, and
it wont accept keys exported using --export-secret-subkeys. I was
hoping to generate a new "fake" master key so I don't need to put my
real master key on the phone.

- --
Mike Cardwell https://grepular.com/ http://cardwellit.com/
OpenPGP Key 35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
XMPP OTR Key 8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4
-----BEGIN PGP SIGNATURE-----

iQGGBAEBAgBwBQJPgr6dMBSAAAAAACAAB3ByZWZlcnJlZC1lbWFpbC1lbmNvZGlu
Z0BwZ3AuY29tcGdwbWltZTgUgAAAAAAVABpwa2EtYWRkcmVzc0BnbnVwZy5vcmdt
aWtlLmNhcmR3ZWxsQGdyZXB1bGFyLmNvbQAKCRCdJiMBwdHnBLUDB/4+jh/FsTr5
gBVSVT/UmeuFqYuT5gra9oTH4dpl0kPMRPXKUlJ4F3IEmfcFGoszAXLGwsGfofDK
wMloSNEJ32XUbZKIaGorWOBfsqVYsqy5jXoX4ULCasfog7RuspgR8ru+r0beTUOc
jDem3OQoqdfWUBlNkiWeHIHyDExblv/WZT+cziOlXSnaYg51T6+Fm5/ecLI/4+99
b+p6h3k3zgEsERZW99lnHzMr09pa7E6fVvM12RZJ/M+LpN3+kGoho+rew4Cxf0Wd
XE9E6gh1OvNca6Py1PTQJms0tY+0GuALCC+YlZgwYaSUHdHxZWAKl1m7qrvazOAi
QhHdIth3HbfZ
=XnOJ
-----END PGP SIGNATURE-----

_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


wk at gnupg

Apr 9, 2012, 11:31 AM

Post #2 of 5 (426 views)
Permalink
Re: Attaching subkeys to a different master key [In reply to]

On Mon, 9 Apr 2012 12:49, gnupg [at] lists said:
> Is there a way to detach subkeys from a master key and attach them to
> a different master key? I'm guessing not, but just double checking.

There is no command for this. If you know the OpenPGP specs you may use
a combination of gpgsplit and a patched version of gpg to do this. This
is a common question and you may find more answers in the archive.

However, in almost all cases it is not worth the trouble. Just go ahead
and create a new subkey - OpenPGP applications should handle subkeys
automagically; the interesting piece is the master key (with the
fingerprint) and the signed user ids.

> it wont accept keys exported using --export-secret-subkeys. I was
> hoping to generate a new "fake" master key so I don't need to put my
> real master key on the phone.

That won't work in practice because you would end up with a different
fingerprint. What about fixing APG?


Salam-Shalom,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.


_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


gnupg at lists

Apr 9, 2012, 12:11 PM

Post #3 of 5 (425 views)
Permalink
Re: Attaching subkeys to a different master key [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/04/12 19:31, Werner Koch wrote:

>> it wont accept keys exported using --export-secret-subkeys. I
>> was hoping to generate a new "fake" master key so I don't need to
>> put my real master key on the phone.
>
> That won't work in practice because you would end up with a
> different fingerprint.

This is what I suspected. Thanks for the confirmation.

> What about fixing APG?

This would be the best option of course. There's been a bug report
open for about a year. APG hasn't had much work done on it for a while
so I'm not confident it will be addressed any time soon:
https://code.google.com/p/android-privacy-guard/issues/detail?id=104

- --
Mike Cardwell https://grepular.com/ http://cardwellit.com/
OpenPGP Key 35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
XMPP OTR Key 8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4
-----BEGIN PGP SIGNATURE-----

iQGGBAEBAgBwBQJPgzRrMBSAAAAAACAAB3ByZWZlcnJlZC1lbWFpbC1lbmNvZGlu
Z0BwZ3AuY29tcGdwbWltZTgUgAAAAAAVABpwa2EtYWRkcmVzc0BnbnVwZy5vcmdt
aWtlLmNhcmR3ZWxsQGdyZXB1bGFyLmNvbQAKCRCdJiMBwdHnBAA8CADWqpoeJoW9
96m+vUevDIXSyz4lVlDhbAtUfX/XvX/VUBOhRzMYWzXs4uBIlBENmSdiVYKnZGbR
UX3rohay0cjuCGv8g6H2RtuGVPgNCMzOaOmeX3qdjyakJeH1gJf1jMHj/arOjCWm
dAIySt91Pu+vujYsOF+ExzHmR4Oj1389xxSE6xZYAIDqLBcTrIRK7tYujhdG/IWe
qlmK9aXOFHXpr5MsgcEFsex0N0lm/rWxVHxApfGMBgyT8izUPXKSCSXcJjM7Zz4g
qQu5dBXeYp+vV3KaOoFkT0zX2jBU/QHoLXo5qNWeIhXlrXiZUysAtGP+0CEqNjOT
J8swHch+OlNs
=Kn3C
-----END PGP SIGNATURE-----

_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


wk at gnupg

Apr 10, 2012, 12:33 AM

Post #4 of 5 (428 views)
Permalink
Re: Attaching subkeys to a different master key [In reply to]

On Mon, 9 Apr 2012 21:11, gnupg [at] lists said:

> open for about a year. APG hasn't had much work done on it for a while
> so I'm not confident it will be addressed any time soon:
> https://code.google.com/p/android-privacy-guard/issues/detail?id=104

The guardianproject.info is working on a GnuPG port to Android. It
basically works now, so eventually you may use as the OpenPGP engine for
Android. See the gnupg-devel ML archives for status reports.


Salam-Shalom,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.


_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


gnupg at lists

Apr 10, 2012, 10:31 AM

Post #5 of 5 (421 views)
Permalink
Re: Attaching subkeys to a different master key [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/04/12 20:11, gnupg [at] lists wrote:

>> What about fixing APG?
>
> This would be the best option of course. There's been a bug report
> open for about a year. APG hasn't had much work done on it for a
> while so I'm not confident it will be addressed any time soon:
> https://code.google.com/p/android-privacy-guard/issues/detail?id=104

In
>
case anyone is interested, I've managed to hack APG to accept and
use keyrings exported using --export-secret-subkeys. It's a pretty
brutal hack, but it works. The source code:

https://github.com/mikecardwell/android-privacy-guard

The write-up and a link to a signed APK are here:

https://grepular.com/Android_Privacy_Guard_and_Subkeys

Hopefully at some point I will find the time to build a "proper" fix
which I am happy to ask the original author to pull.

- --
Mike Cardwell https://grepular.com/ http://cardwellit.com/
OpenPGP Key 35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
XMPP OTR Key 8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4
-----BEGIN PGP SIGNATURE-----

iQGGBAEBAgBwBQJPhG6OMBSAAAAAACAAB3ByZWZlcnJlZC1lbWFpbC1lbmNvZGlu
Z0BwZ3AuY29tcGdwbWltZTgUgAAAAAAVABpwa2EtYWRkcmVzc0BnbnVwZy5vcmdt
aWtlLmNhcmR3ZWxsQGdyZXB1bGFyLmNvbQAKCRCdJiMBwdHnBCW0B/92rV0wFXx9
K4TXJkQv8TwgxlRKlQnOmLyR+x9uUPSuuM0UclF2UOmiUDghEIPZxEptilvlxr+3
MOAJiFYqDsJs2+M8aGj0D6og0BurUlxszA+BPiT3BB9sioowtWj4NPR9IrxsSDc2
VJLNtzrqHc+Hhsq/GG5OTC3CVX+9IdJWrNHs719BNHF5ZP+KoRd8gn4JpnqCtu1y
FznkUnUDaK0FGtI56hmaU3/fl0V9tZ5d/F01886VqU0s8TDq7J7+MkcxmO6qqEhY
cvgzR0CTqwZb3yIIiMbrmCsGTRSSPpMcSBSOnd32rU4GR0klh5sly4fUd/RQpEbq
Kxfj/FfrjtnW
=BZCP
-----END PGP SIGNATURE-----

_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users

GnuPG users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.