forwarded message from Joe Rhett

Joe Rhett jrhett at isite.net
Fri Apr 27 17:42:01 CEST 2001


> > appear to work properly.  The --export-secret-subkeys appears to remove the
> > secret part of the key (manpage documents this) which makes signing
> > impossible.
> 
> Yes.  This is the whole point with --export-secret-subkey.  
> Without the secret primary key you can't add a new key, revoke one
> etc.  So if your box gets compromised the cracker can "only" use the
> subkey to decrypt all messages encrypted to this subkey.
 
Then why is this listed as a procedure for allowing automated signing of
messages? Section 4.13 of the FAQ says that this is how you do it, yet
you're saying that this won't work.

-- 
Joe Rhett                                         Chief Technology Officer
JRhett at ISite.Net                                      ISite Services, Inc.

PGP keys and contact information:          http://www.noc.isite.net/Staff/




More information about the Gnupg-devel mailing list