Separate passphrase for subkeys (was: New GnuPG snapshot)

disastry at disastry at
Mon Sep 10 11:43:01 CEST 2001

Hash: RIPEMD160

David Shaw wrote:
> Someone pointed out to me once that a pleasant side effect of
> separated keys was that in some places, the Big Scary Gov't could
> force you to reveal an encryption key, but not an authentication key.
> If you used the same key for both, then you are out of luck.
> (IANAL, YMMV, and I don't recall where "some places" are.)
> David

so you have to have separate passphrase for signing key and encryption subkey.
AFAIK GnuPG can't change subkey's passphrase separately from key's
passphrase (at least not in east way). this would be a very useful feature...
(yes I know about export-secret-subkeys option, but this
would be a very useful feature anyway)

== <EOF> ==
Disastry <----PGP plugins for Netscape and MDaemon
 ^--GPG for Win32 (supports loadable modules and IDEA)
 ^---PGP 2.6.3ia-multi04 (supports IDEA, CAST5, BLOWFISH, TWOFISH,
     AES, 3DES ciphers and MD5, SHA1, RIPEMD160 hashes)
Version: Netscape PGP half-Plugin 0.14 by Disastry / PGPsdk v1.7.1


More information about the Gnupg-devel mailing list