forwarded message from Joe Rhett
jrhett at isite.net
Fri Apr 27 17:42:01 CEST 2001
> > appear to work properly. The --export-secret-subkeys appears to remove the
> > secret part of the key (manpage documents this) which makes signing
> > impossible.
> Yes. This is the whole point with --export-secret-subkey.
> Without the secret primary key you can't add a new key, revoke one
> etc. So if your box gets compromised the cracker can "only" use the
> subkey to decrypt all messages encrypted to this subkey.
Then why is this listed as a procedure for allowing automated signing of
messages? Section 4.13 of the FAQ says that this is how you do it, yet
you're saying that this won't work.
Joe Rhett Chief Technology Officer
JRhett at ISite.Net ISite Services, Inc.
PGP keys and contact information: http://www.noc.isite.net/Staff/
More information about the Gnupg-devel