Keys

Key hierarchy

$ gpg -K --fingerprint 0x376221C7FB620C0A

sec#  rsa4096/0x376221C7FB620C0A 2016-10-13 [C] [expires: 2018-10-13]
      Key fingerprint = 572D 538F 55E2 991D 1F3E  0EE4 3762 21C7 FB62 0C0A
uid                   [ultimate] Carlos Melero Bargues
uid                   [ultimate] Carlos Melero Bargues <carlosmelero@live.com>
ssb>  rsa4096/0x490431E1398756EC 2016-10-13 [S] [expires: 2017-10-13]
      Key fingerprint = 71EB 8B2F FED2 21E5 78BC  3CAC 4904 31E1 3987 56EC
      Card serial no. = 0005 000041EC
ssb>  rsa4096/0x11804CB7D30D321A 2016-10-13 [E] [expires: 2017-10-13]
      Key fingerprint = B2B4 B9C5 F0A6 BEC8 7EB3  2A2A 1180 4CB7 D30D 321A
      Card serial no. = 0005 000041EC

Here’s the master public key with its subkeys

As you can see gpg is called with the -K argument which is an alias to --list-secret-keys:

--list-secret-keys
   -K     List all keys from the secret keyrings, or just the ones given on the command line.
          A # after the letters sec means that the secret key is not usable  
          (for  example,  if  it  was  created  via --export-secret-subkeys).  See also --list-keys.

Since the master key is marked with the # you can tell I don’t have the private key in this machine. I have it backed up in a microSD card somewhere safe.

You can also tell that I don’t have access to the private keys of my signing and encryption subkeys. They’re stored on a smartcard.