tag:gpgtools.tenderapp.com,2011-11-04:/discussions/beta/2241-problems-using-subkeys-for-encryption-and-signingGPGTools: Discussion 2017-09-13T08:11:12Ztag:gpgtools.tenderapp.com,2011-11-04:Comment/433514352017-09-04T00:09:00Z2017-09-04T00:09:02ZProblems using subkeys for encryption and signing<div><p><strong>Which of our tools is giving you problems?</strong> GPG Keychain, GPGMail</p>
<p><strong>Describe your problem. Add as much detail as possible.</strong> I recently created a new gpg keypair. Following the advice on <a href="https://wiki.debian.org/Subkeys">https://wiki.debian.org/Subkeys</a> and several other places, I decided to keep my master key offline on a seperate device, copying just the subkeys on my mac for encryption and signing. So, my mac only has the public portion of the master key and public+private subkeys. Unfortunately, GPG Keychain and GPGMail do not recognise the private subways and treat all the subkeys as just public keys. GPG Keychain lists the key with "Type" as 'pub' and GPGMail says "Secret key is missing" when I open an encrypted email. I have also checked by using GNUPG on the command-line; both signing and encryption work quite well there.</p>
<p>For reference, here's the output of gpg --list-secret-keys:<br></p>
<pre>
<code>sec# rsa4096/0xMASTERKEYID 2017-09-03 [SC]
----------KEYGRIP-------------
uid [ultimate] Mohak Shah <myemail@example.com>
ssb rsa4096/0xSUBKEYID 2017-09-03 [S] [expires: 2022-09-02]
ssb rsa4096/0xSUBKEYID 2017-09-03 [E] [expires: 2022-09-02]</code>
</pre>
<p><strong>Are you using any other Mail.app plugins?</strong> No</p></div>Mohak Shahtag:gpgtools.tenderapp.com,2011-11-04:Comment/433514352017-09-12T12:42:57Z2017-09-12T12:42:57ZProblems using subkeys for encryption and signing<div><p>Hi Mohak,</p>
<p>please try this (if you didn't already):<br>
1. Delete the secret keys from your mac.<br>
2. Export your secret keys again from your offline device: <code>gpg -a --export-secret-subkeys 0xMASTERKEYID > secsubs.asc</code><br>
3. Import secsubs.asc on your mac.</p>
<p>Regards, Mento</p></div>Mentotag:gpgtools.tenderapp.com,2011-11-04:Comment/433514352017-09-12T23:32:47Z2017-09-12T23:32:49ZProblems using subkeys for encryption and signing<div><p>That worked! I believe the problem was that I had originally imported the subkeys using gpg 2.1 which uses a different store for private keys than gpg 2.0, the version GPGTools use. Anyway, thanks for your help!</p>
<p>P.S.: I hope you guys will move to gpg 2.1 soon. As you might already know, 2.0 is going to reach EOL this december.</p></div>Mohak Shahtag:gpgtools.tenderapp.com,2011-11-04:Comment/433514352017-09-13T08:11:11Z2017-09-13T08:11:11ZProblems using subkeys for encryption and signing<div><p>Thanks for the feedback and great news this indeed solved your problem.</p>
<p>gpg 2.2 is already integrated in the nightly build and will be included in the upcoming next beta release.</p>
<p>I'm closing this discussion. Should you need further assistance or have questions you can re-open this discussion here or open a new one any time.</p>
<p>Best, steve</p></div>Steve