Separate passphrase for subkeys (was: New GnuPG snapshot)

David Shaw dshaw@jabberwocky.com
Mon Sep 10 14:15:02 2001 

--hQiwHBbRI9kgIhsi
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Sep 10, 2001 at 10:30:50AM +0200, disastry@saiknes.lv.NO.SPaM.NET w=
rote:

> -----BEGIN PGP SIGNED MESSAGE-----

> Hash: RIPEMD160

>=20

> David Shaw wrote:

> > Someone pointed out to me once that a pleasant side effect of

> > separated keys was that in some places, the Big Scary Gov't could

> > force you to reveal an encryption key, but not an authentication key.

> > If you used the same key for both, then you are out of luck.

> >=20

> > (IANAL, YMMV, and I don't recall where "some places" are.)

> > David

>=20

> so you have to have separate passphrase for signing key and

> encryption subkey.


Not necessarily.  I'm talking about a case where the gov't can legally
ask for your key.  Don't just give them the passphrase: do a
--export-secret-subkeys onto a floppy, delete any subkeys they didn't
ask for, change the passphrase and hand that over.


> AFAIK GnuPG can't change subkey's passphrase separately from key's

> passphrase (at least not in east way). this would be a very useful featur=

e...

> (yes I know about export-secret-subkeys option, but this

> would be a very useful feature anyway)


Yes it would be pretty neat.

David

--=20
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+--------------------------------------------------------------------------=
-+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson

--hQiwHBbRI9kgIhsi
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iQEVAwUBO5yuR4ccwqs8s7QVAQGecQf/SZIZbuvPoNiUqrdUW4LopP5V4k6KT8wm
zAZDdh/gjw7u0bLobjp7ErRfz+TrxPUPiebdMrJCUErau47/nOgN0JClhCBE8gj4
akNr8mHXy6mc6qY+YQS0KN/eG6xuf9ImqYLOXRx90AQdXpgPtu+WRhH9/7kMlzr2
7rISbvVXqqIq7EAnrJKfaNL8qQnUQSLwG90NdfN8XPMmp0DiWzbTlwlfRDSUmrmG
B9fRFMOqWg5ya2nw+feGCSlbaviOIW0ZXeqgZvBB2iuKm31HEXGzUi7tXV0CVyYJ
Kep68bKpJVm5gFPYrWvXE3ZVQtcilAmXtD6/rX4YzrZoZ+rnSgAwSA==
=dVY1
-----END PGP SIGNATURE-----

--hQiwHBbRI9kgIhsi--