Separate passphrase for subkeys (was: New GnuPG snapshot)
disastry@saiknes.lv.NO.SPaM.NET
disastry@saiknes.lv.NO.SPaM.NET
Mon Sep 10 10:43:01 2001
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
David Shaw wrote:
> Someone pointed out to me once that a pleasant side effect of
> separated keys was that in some places, the Big Scary Gov't could
> force you to reveal an encryption key, but not an authentication key.
> If you used the same key for both, then you are out of luck.
>
> (IANAL, YMMV, and I don't recall where "some places" are.)
> David
so you have to have separate passphrase for signing key and encryption subkey.
AFAIK GnuPG can't change subkey's passphrase separately from key's
passphrase (at least not in east way). this would be a very useful feature...
(yes I know about export-secret-subkeys option, but this
would be a very useful feature anyway)
== <EOF> ==
Disastry http://i.am/disastry/
http://disastry.dhs.org/pgp <----PGP plugins for Netscape and MDaemon
^--GPG for Win32 (supports loadable modules and IDEA)
^---PGP 2.6.3ia-multi04 (supports IDEA, CAST5, BLOWFISH, TWOFISH,
AES, 3DES ciphers and MD5, SHA1, RIPEMD160 hashes)
-----BEGIN PGP SIGNATURE-----
Version: Netscape PGP half-Plugin 0.14 by Disastry / PGPsdk v1.7.1
iQA/AwUBO5xeAzBaTVEuJQxkEQOdJgCeOTvuTed5k+uOvW7OYrvg/rcbwS0AoIiV
jajno5lqWKl7Y7EMWdxXECom
=hbY3
-----END PGP SIGNATURE-----