forwarded message from Joe Rhett

Joe Rhett jrhett@isite.net
Fri Apr 27 16:42:01 2001



> > appear to work properly. The --export-secret-subkeys appears to remove the
> > secret part of the key (manpage documents this) which makes signing
> > impossible.
>
> Yes. This is the whole point with --export-secret-subkey.
> Without the secret primary key you can't add a new key, revoke one
> etc. So if your box gets compromised the cracker can "only" use the
> subkey to decrypt all messages encrypted to this subkey.
Then why is this listed as a procedure for allowing automated signing of messages? Section 4.13 of the FAQ says that this is how you do it, yet you're saying that this won't work. -- Joe Rhett Chief Technology Officer JRhett@ISite.Net ISite Services, Inc. PGP keys and contact information: http://www.noc.isite.net/Staff/