forwarded message from Joe Rhett

Joe Rhett jrhett at
Fri Apr 27 17:42:01 CEST 2001

> > appear to work properly.  The --export-secret-subkeys appears to remove the
> > secret part of the key (manpage documents this) which makes signing
> > impossible.
> Yes.  This is the whole point with --export-secret-subkey.  
> Without the secret primary key you can't add a new key, revoke one
> etc.  So if your box gets compromised the cracker can "only" use the
> subkey to decrypt all messages encrypted to this subkey.
Then why is this listed as a procedure for allowing automated signing of
messages? Section 4.13 of the FAQ says that this is how you do it, yet
you're saying that this won't work.

Joe Rhett                                         Chief Technology Officer
JRhett at ISite.Net                                      ISite Services, Inc.

PGP keys and contact information:

More information about the Gnupg-devel mailing list