Hi folks,

[Problem] :

I'm generating myself a brand new pgp master key and I'd like it to have this structure :

A first .gnupg folder with :

    sec   ed25519 1876-02-10 [SC]
          AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    uid           [ultimate] Romain Lebrun Thauront
    ssb   ed25519 2020-04-21 [S] [expires: 2021-01-01]
          BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
    ssb   cv25519 2020-04-21 [E] [expires: 2021-01-01]
          CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC

A second .gnupg folder (let's say .gnupg_copy) with :

    sec   ed25519 2020-04-21 [SC] [expires: 2021-01-01]
          BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
    uid           [ultimate] Romain Lebrun Thauront
    ssb   cv25519 2020-04-21 [E] [expires: 2021-01-01]
          CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC

Where the BBBB and CCCC keys are the same in the two folders, but BBBB is in one case a signing subkey and in the other a standalone master key.

I can't find how to achieve that by myself, does anyone have an idea ? I don't care if the problem is solved one way or the other (generating the first config and transforming a subkey into a master key OR generating the second config and transforming a master key into a signing subkey of another master key).

[\Problem]

[Context] :

Reading this isn't necessary for giving a purely technical answer, but if you are curious then go on.

I'm using a web mailer called ProtonMail which offers in-browser cryptography. For that I have to upload some encrypted secret key with signing and encrypting capabilities to their servers. But their software won't accept that I upload only the "secret subkeys" keys, without the "secret master key" key.

I mean, something like this is refused :

    sec#  ed25519 1876-02-10 [SC]   (The difference is the # here, meaning I do not upload the secret master key)
          AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    uid           [ultimate] Romain Lebrun Thauront
    ssb   ed25519 2020-04-21 [S] [expires: 2021-01-01]
          BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
    ssb   cv25519 2020-04-21 [E] [expires: 2021-01-01]
          CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC

As I want to keep my secret master key offline, off my computer, on an encrypted usb, in a chest, in the deep Caribbean sea, kept by three infamous sharks, the setup described in the above section would be a great workaround : I'll use config one (my rolling subkeys as subkeys) on my other mailer and I will advertise them like that to my contacts and keyservers. I'll upload the second config (my rolling subkeys as a master key) to ProtonMail servers each time I roll keys.

[\Context]

As an ed25519 keypair is an ed25519 keypair, whether it is used as master key or subkey, I think that should be theoretically possible, at least by modifying the binaries of the key files. But there should be an easier solution, right ?

Best,
RLT

P.S.: sorry for grammatical incorrectness, not my native language
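The packet-level point behind the question, as an added example that is not part of the original post: in OpenPGP (RFC 4880) a primary key and a subkey use the same packet body, only the packet tag differs (6 vs 14), and the v4 fingerprint is computed over the body alone. The key point, creation time and helper names below are constructed for illustration.

```python
import hashlib
import struct

ED25519_OID = bytes.fromhex("2b06010401da470f01")  # 1.3.6.1.4.1.11591.15.1
TAG_PUBLIC_KEY, TAG_PUBLIC_SUBKEY = 6, 14

def key_body(created: int, point: bytes) -> bytes:
    """v4 public-key packet body for EdDSA (public-key algorithm 22)."""
    mpi = b"\x40" + point              # 0x40 prefix marks a native curve point
    bits = len(mpi) * 8 - 1            # 0x40 has one leading zero bit -> 263
    return (b"\x04" + struct.pack(">I", created) + b"\x16"
            + bytes([len(ED25519_OID)]) + ED25519_OID
            + struct.pack(">H", bits) + mpi)

def packet(tag: int, body: bytes) -> bytes:
    """Old-format packet header (two-byte length) followed by the body."""
    return bytes([0x80 | (tag << 2) | 1]) + struct.pack(">H", len(body)) + body

def parse(data: bytes):
    """Yield (tag, body) for old-format packets with 1- or 2-byte lengths."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if hdr & 0xC0 != 0x80 or hdr & 3 > 1:
            raise ValueError("unsupported packet header 0x%02x" % hdr)
        tag, n = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
        length = int.from_bytes(data[i + 1:i + 1 + n], "big")
        body = data[i + 1 + n:i + 1 + n + length]
        if len(body) != length:
            raise ValueError("truncated packet")
        yield tag, body
        i += 1 + n + length

def fingerprint(body: bytes) -> str:
    """v4 fingerprint: SHA-1 over 0x99, two-byte body length, body."""
    prefix = b"\x99" + struct.pack(">H", len(body))
    return hashlib.sha1(prefix + body).hexdigest().upper()

def demo():
    # Constructed sample: the same key material written once as a primary
    # key packet and once as a subkey packet (creation time 2020-04-21 UTC).
    body = key_body(1587427200, bytes(range(32)))
    stream = packet(TAG_PUBLIC_KEY, body) + packet(TAG_PUBLIC_SUBKEY, body)
    return [(tag, fingerprint(b)) for tag, b in parse(stream)]

if __name__ == "__main__":
    for tag, fpr in demo():
        print("tag %2d  %s" % (tag, fpr))
```

Both packets print the same fingerprint, which is why BBBB can appear unchanged in the two listings. A usable standalone key also carries a user ID and a self-signature made by that key, which this example does not create.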
