I run gpg --list-keys and it shows me the keys present in the keyring:
/home/kshitiz/.gnupg/pubring.gpg
--------------------------------
pub 4096R/8F64D7E0 2015-02-18
uid Kshitiz Sharma (http://ksharma.in) <ksharma.android@gmail.com>
sub 4096R/C87EAA9F 2015-02-18
sub 4096R/B63EFB4D 2015-02-18
I delete my secret key:
$ gpg --delete-secret-key ksharma.android@gmail.com
sec 4096R/8F64D7E0 2015-02-18 Kshitiz Sharma (http://ksharma.in) <ksharma.android@gmail.com>
Delete this key from the keyring? (y/N) y
This is a secret key! - really delete? (y/N) y
And then list keys again with gpg --list-keys. Same output:
/home/kshitiz/.gnupg/pubring.gpg
--------------------------------
pub 4096R/8F64D7E0 2015-02-18
uid Kshitiz Sharma (http://ksharma.in) <ksharma.android@gmail.com>
sub 4096R/C87EAA9F 2015-02-18
sub 4096R/B63EFB4D 2015-02-18
Why didn't the secret key 8F64D7E0 get deleted?
Weirdly, running gpg --delete-secret-key again says key not found:
gpg: key "ksharma.android@gmail.com" not found: eof
gpg: ksharma.android@gmail.com: delete key failed: eof
Best Answer
GPG stores public and private keys in different places.
Your output mentions:
/home/kshitiz/.gnupg/pubring.gpg
which holds the "public" key (pubring). If you want to list private keys, you have to use the --list-secret-keys switch.
As for why the key 8F64D7E0 does not get deleted, it's because you asked to destroy the private key only. Since deleting a private key does not impact the public key, there is no need for it to be cascade deleted.
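To confirm which half of a key pair is still in the keyring after a deletion, compare the two listings the answer mentions. The following is an added example, not part of the original answer: it parses the machine-readable output of `gpg --with-colons --list-keys` and `gpg --with-colons --list-secret-keys`, and the key IDs and user ID in the sample are constructed.

```python
import subprocess

# Constructed sample of `gpg --with-colons` output (key IDs and uid are made up):
# the state after `gpg --delete-secret-key` removed the only secret key.
SAMPLE_PUBLIC = """\
pub:u:4096:1:AAAAAAAA11111111:1424217600:::u:::scESC:
uid:u::::1424217600::::Example User <user@example.org>:
sub:u:4096:1:BBBBBBBB22222222:1424217600::::::e:
"""
SAMPLE_SECRET = ""  # --list-secret-keys prints nothing when no secret key is left


def primary_key_ids(colons, record_type):
    """Return the long key IDs (field 5) of 'pub' or 'sec' records."""
    ids = set()
    for line in colons.splitlines():
        fields = line.split(":")
        if fields[0] == record_type and len(fields) > 4:
            ids.add(fields[4])
    return ids


def keyring_state(public_colons, secret_colons):
    """Map each primary key ID to where its material is still present."""
    pub = primary_key_ids(public_colons, "pub")
    sec = primary_key_ids(secret_colons, "sec")
    state = {}
    for key_id in sorted(pub | sec):
        if key_id in pub and key_id in sec:
            state[key_id] = "public+secret"
        elif key_id in pub:
            state[key_id] = "public only"
        else:
            state[key_id] = "secret only"
    return state


def live_listing(command):
    """Run gpg on the real keyring; command is --list-keys or --list-secret-keys."""
    result = subprocess.run(["gpg", "--batch", "--with-colons", command],
                            capture_output=True, text=True, check=True)
    return result.stdout


if __name__ == "__main__":
    for key_id, where in keyring_state(SAMPLE_PUBLIC, SAMPLE_SECRET).items():
        print(key_id, where)
```

A key reported as "public only" is the situation in the question: the secret key is gone, and the public key stays until it is deleted separately with `gpg --delete-key`.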