forwarded message from Joe Rhett
Joe Rhett
jrhett at isite.net
Fri Apr 27 17:42:01 CEST 2001
> > appear to work properly. The --export-secret-subkeys appears to remove the
> > secret part of the key (manpage documents this) which makes signing
> > impossible.
>
> Yes. This is the whole point with --export-secret-subkey.
> Without the secret primary key you can't add a new key, revoke one
> etc. So if your box gets compromised the cracker can "only" use the
> subkey to decrypt all messages encrypted to this subkey.
Then why is this listed as a procedure for allowing automated signing of
messages? Section 4.13 of the FAQ says that this is how you do it, yet
you're saying that this won't work.
--
Joe Rhett Chief Technology Officer
JRhett at ISite.Net ISite Services, Inc.
PGP keys and contact information: http://www.noc.isite.net/Staff/
More information about the Gnupg-devel
mailing list