diff --git a/README.md b/README.md
index 8cfa2e05d28ae5fd74b55f912c7083fde64cf2fd..752c52cbdd20858204c370b943c10534a3c7242f 100644
--- a/README.md
+++ b/README.md
@@ -28,12 +28,16 @@
     8765# gpg --edit-key
     > passwd
     > save
-    8765# gpg --edit-key
-    8765# gpg --armor --output sign-key-unprotected.asc --export-secret-key sign-in-ci@exapmle.com
-    host$ docker cp 8765:sign-key-unprotected.asc .
+    8765# gpg --armor --output sign-key-nopw.asc --export-secret-key sign-in-ci@exapmle.com
+    host$ docker cp 8765:sign-key-nopw.asc .
+    ```
+
+    This step is necessary, because currently gnupg does not export secret
+    subkeys if they are not password protected.
+
 
 4. Add a protected secret CI variable `$GPG_KEY` and paste the contents of
-    `sign-key-unprotected.asc`.
+    `sign-key-nopw.asc`.
 
 5. Setup [CI](.gitlab-ci.yml)