Separate passphrase for subkeys (was: New GnuPG snapshot)
David Shaw
dshaw at jabberwocky.com
Mon Sep 10 15:15:02 CEST 2001
On Mon, Sep 10, 2001 at 10:30:50AM +0200, disastry at saiknes.lv.NO.SPaM.NET wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: RIPEMD160
>
> David Shaw wrote:
> > Someone pointed out to me once that a pleasant side effect of
> > separated keys was that in some places, the Big Scary Gov't could
> > force you to reveal an encryption key, but not an authentication key.
> > If you used the same key for both, then you are out of luck.
> >
> > (IANAL, YMMV, and I don't recall where "some places" are.)
> > David
>
> so you have to have separate passphrase for signing key and
> encryption subkey.
Not necessarily. I'm talking about a case where the gov't can legally
ask for your key. Don't just give them the passphrase: do a
--export-secret-subkeys onto a floppy, delete any subkeys they didn't
ask for, change the passphrase and hand that over.
> AFAIK GnuPG can't change subkey's passphrase separately from key's
> passphrase (at least not in east way). this would be a very useful feature...
> (yes I know about export-secret-subkeys option, but this
> would be a very useful feature anyway)
Yes it would be pretty neat.
David
--
David Shaw | dshaw at jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 536 bytes
Desc: not available
Url : /pipermail/attachments/20010910/a17ccfc9/attachment.bin
More information about the Gnupg-devel
mailing list