Mailing List Archive

Adding one ADSK to multiple keys
Hi,

I want to set up one backup key as an ADSK for multiple keys. After
adding the ADSK to the first key, further attempts to add the same ADSK
to other keys fail with the error message:

gpg: key "44883766ABE65F20453E6FC046D03490A60D7131" not found:
Wrong key usage
gpg: Did you specify the fingerprint of a subkey?

My guess is that the fingerprint is resolved to the ADSK of the first
key with key usage R instead of the original subkey with key usage SEAR.
If I delete the key with the first ADSK and try to add the ADSK to a
second key, gpg can no longer find the original subkey:

gpg: key "44883766ABE65F20453E6FC046D03490A60D7131" not found: No
public key

How can I configure the same subkey as an ADSK for multiple other keys?

Regards,
Robin

Full log:

$ gpg --list-keys --with-subkey-fingerprint

[keyboxd]
---------
pub rsa2048 2023-05-23 [SCEAR]
0D040E3B31CD2165952E0B2D2630CA1F4CFEC737
uid [ultimate] Employee 2 (Department A) <e2@example.com>
sub rsa2048 2023-05-23 [SEAR]
A1EE8DAA2FFA67B2963CF9A44C27B306EF295300

pub rsa2048 2023-05-23 [SCEAR]
41CED1E71F2F05362BE79793EEAEB08CFA452DAE
uid [ultimate] Employee 1 (Department A) <e1@example.com>
sub rsa2048 2023-05-23 [SEAR]
55810101E92C4C4ED311BCA94C3578A761AEB703

pub rsa2048 2023-05-23 [SCEAR]
6DF5F1752B66B225853F107AA5D29205F3B6E803
uid [ultimate] Manager (Department A) <ma@example.com>
sub rsa2048 2023-05-23 [SEAR]
44883766ABE65F20453E6FC046D03490A60D7131

$ gpg --quick-add-adsk 41CED1E71F2F05362BE79793EEAEB08CFA452DAE
44883766ABE65F20453E6FC046D03490A60D7131

$ gpg --quick-add-adsk 0D040E3B31CD2165952E0B2D2630CA1F4CFEC737
44883766ABE65F20453E6FC046D03490A60D7131
gpg: key "44883766ABE65F20453E6FC046D03490A60D7131" not found: Wrong key
usage
gpg: Did you specify the fingerprint of a subkey?

$ gpg --list-keys --with-subkey-fingerprint
[keyboxd]
---------
pub rsa2048 2023-05-23 [SCEAR]
0D040E3B31CD2165952E0B2D2630CA1F4CFEC737
uid [ultimate] Employee 2 (Department A) <e2@example.com>
sub rsa2048 2023-05-23 [SEAR]
A1EE8DAA2FFA67B2963CF9A44C27B306EF295300

pub rsa2048 2023-05-23 [SCEAR]
41CED1E71F2F05362BE79793EEAEB08CFA452DAE
uid [ultimate] Employee 1 (Department A) <e1@example.com>
sub rsa2048 2023-05-23 [SEAR]
55810101E92C4C4ED311BCA94C3578A761AEB703
sub rsa2048 2023-05-23 [R]
44883766ABE65F20453E6FC046D03490A60D7131

pub rsa2048 2023-05-23 [SCEAR]
6DF5F1752B66B225853F107AA5D29205F3B6E803
uid [ultimate] Manager (Department A) <ma@example.com>
sub rsa2048 2023-05-23 [SEAR]
44883766ABE65F20453E6FC046D03490A60D7131

$ gpg --delete-secret-key 41CED1E71F2F05362BE79793EEAEB08CFA452DAE

$ gpg --delete-key 41CED1E71F2F05362BE79793EEAEB08CFA452DAE

$ gpg --list-keys --with-subkey-fingerprint

gpg: checking the trustdb
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 2 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 2u
[keyboxd]
---------
pub rsa2048 2023-05-23 [SCEAR]
0D040E3B31CD2165952E0B2D2630CA1F4CFEC737
uid [ultimate] Employee 2 (Department A) <e2@example.com>
sub rsa2048 2023-05-23 [SEAR]
A1EE8DAA2FFA67B2963CF9A44C27B306EF295300

pub rsa2048 2023-05-23 [SCEAR]
6DF5F1752B66B225853F107AA5D29205F3B6E803
uid [ultimate] Manager (Department A) <ma@example.com>
sub rsa2048 2023-05-23 [SEAR]
44883766ABE65F20453E6FC046D03490A60D7131

$ gpg --quick-add-adsk 0D040E3B31CD2165952E0B2D2630CA1F4CFEC737
44883766ABE65F20453E6FC046D03490A60D7131
gpg: key "44883766ABE65F20453E6FC046D03490A60D7131" not found: No public key

$ gpg --version
gpg (GnuPG) 2.4.1
libgcrypt 1.10.2
Copyright (C) 2023 g10 Code GmbH
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /root/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

Re: Adding one ADSK to multiple keys
Hi!

Thanks for the report.

> My guess is that the fingerprint is resolved to the ADSK of the first
> key with key usage R instead of the original subkey with key usage

Sounds right. Depends on the structure of the keyring.

Need to develop a fix. See https://dev.gnupg.org/T6504


Shalom-Salam,

Werner


--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
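
A check for the condition diagnosed in this thread (one subkey fingerprint present in more than one keyblock, with different usage flags), as an added example that is not part of the original messages or of GnuPG itself. It parses `gpg --list-keys --with-colons` style output; the sample listing is constructed from the thread's fingerprints with simplified fields, and `subkey_owners` and `ambiguous_subkeys` are hypothetical helper names.

```python
from collections import defaultdict

# Constructed, simplified colon listing of the keyring after the first
# --quick-add-adsk in the thread (field 12 = capabilities, fpr field 10).
SAMPLE = """\
pub:u:2048:1:2630CA1F4CFEC737:1684800000:::u:::scear:
fpr:::::::::0D040E3B31CD2165952E0B2D2630CA1F4CFEC737:
sub:u:2048:1:4C27B306EF295300:1684800000::::::sear:
fpr:::::::::A1EE8DAA2FFA67B2963CF9A44C27B306EF295300:
pub:u:2048:1:EEAEB08CFA452DAE:1684800000:::u:::scear:
fpr:::::::::41CED1E71F2F05362BE79793EEAEB08CFA452DAE:
sub:u:2048:1:4C3578A761AEB703:1684800000::::::sear:
fpr:::::::::55810101E92C4C4ED311BCA94C3578A761AEB703:
sub:u:2048:1:46D03490A60D7131:1684800000::::::r:
fpr:::::::::44883766ABE65F20453E6FC046D03490A60D7131:
pub:u:2048:1:A5D29205F3B6E803:1684800000:::u:::scear:
fpr:::::::::6DF5F1752B66B225853F107AA5D29205F3B6E803:
sub:u:2048:1:46D03490A60D7131:1684800000::::::sear:
fpr:::::::::44883766ABE65F20453E6FC046D03490A60D7131:
"""

def subkey_owners(colons):
    """Map each subkey fingerprint to [(primary_fpr, capabilities), ...]."""
    owners = defaultdict(list)
    primary = None   # fingerprint of the keyblock currently being read
    pending = None   # (record type, capabilities) waiting for its fpr line
    for line in colons.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sub"):
            pending = (f[0], f[11] if len(f) > 11 else "")
        elif f[0] == "fpr" and pending and len(f) > 9:
            kind, caps = pending
            pending = None
            if kind == "pub":
                primary = f[9]
            elif primary is not None:
                owners[f[9]].append((primary, caps))
    return dict(owners)

def ambiguous_subkeys(colons):
    """Subkey fingerprints that occur in more than one place in the keyring."""
    return {k: v for k, v in subkey_owners(colons).items() if len(v) > 1}

if __name__ == "__main__":
    for fpr, owners in ambiguous_subkeys(SAMPLE).items():
        print(fpr)
        for primary, caps in owners:
            print(f"  under {primary} with usage [{caps.upper()}]")
```

Against a real keyring, pass the text captured from `gpg --list-keys --with-colons` to `ambiguous_subkeys` in place of `SAMPLE`.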