How to delete a subkey on Linux in GnuPG?
GnuPG's interactive --edit-key
menu works differently. You do not select a subkey by key [subkey-id]
, but by key [key-index]
, in your case this would be key 2
(the second subkey from the top, the primary key doesn't count).
After doing so, the line
ssb rsa4096/33333333
will change to
ssb* rsa4096/33333333
with an asterisk indicating the key being selected. After selecting one or more keys, run delkey
to delete the selected subkeys. Don't forget to save
!
Related videos on Youtube
aldaron
Updated on September 18, 2022Comments
-
aldaron over 1 year
I would like to delete an OpenPGP subkey of mine on Linux (L)Ubuntu 16.04 in GnuPG. It's a kind of "blank" useless key (see below key
33333333
). I have not uploaded it to key servers, so I think it's ok to delete without revoking it.gpg2 --edit-key [email protected] sec rsa4096/11111111 created: 2016-12-12 expires: 2017-12-12 usage: SC confiance : ultime validity: ultimate ssb rsa4096/22222222 created: 2016-12-12 expires: 2017-12-12 usage: E ssb rsa4096/33333333 created: 2016-12-12 expires: never usage: ssb rsa4096/44444444 créé : 2016-12-12 expires: 2017-12-12 usage: S [ ultimate ] (1). me <[email protected]>
I tried "gpg> delkey 33333333", but I had this message :
You must select at least one key. (Use the 'key' command.)
then
gpg> key 33333333
, and I had this result (same result aslist
command):sec rsa4096/11111111 created: 2016-12-12 expires: 2017-12-12 usage: SC confiance : ultime validity: ultimate ssb rsa4096/22222222 created: 2016-12-12 expires: 2017-12-12 usage: E ssb rsa4096/33333333 created: 2016-12-12 expires: never usage: ssb rsa4096/44444444 créé : 2016-12-12 expires: 2017-12-12 usage: S [ ultimate ] (1). me <[email protected]>
What should I do next?
-
Jens Erat over 7 yearsOn the Linux command line (and in general), you can get English language outpuut for pretty much all applications by prefixing
LANG=C
, eg.LANG=C gpg2 --edit-key ...
. Alternatively, "switch" a shell to English language by runningexport LANG=C
. -
Admin almost 2 yearsSmall caution to anyone deleting a subkey, if you delete even a public subkey it may mean that the related private subkey is no longer available to decrypt. I was able to fix it easily - security.stackexchange.com/questions/262703/… not sure if is always like that though.
-
-
aldaron over 7 yearsThanks a lot. I had not seen the asterisk thing before. Thank you ! PS : key-index number was 2, not 3 (I could not select the first "sec" key).
-
Jens Erat over 7 yearsYou're right, I should have only counted the subkeys. If this answered your question, consider selecting the checkmark on the left (also have a look at the FAQ).
-
arviman over 6 yearswow that was unintuitive. I kept selecting by key-id.