Closed Ciantic closed 3 years ago
Yes, this works correctly, with the obvious caveat that any subkey that isn't included in the paper backup of course can't be restored from the paper backup. Note that the --export-secret-subkeys command in GnuPG doesn't export only the specified subkey(s), but rather exports the primary key with the secret material removed (a stub) and then the specified subkey.
Basically, if you use paperkey as in your example, when restoring the paper backup, you'll get back the original output of gpg --export-secret-subkeys ABC123!
. That is, a stub primary key followed by the chosen subkey.
There was not an example of this, so I wondered does it work correctly if I export just a subkey (with exclamation mark at the end), e.g.:
I'm not familiar enough with the key format to judge this from the implementation.