gpg asking gpg-agent for subordinate key's passphrase

David Shaw dshaw at jabberwocky.com
Tue Apr 1 20:55:01 CEST 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sat, Mar 29, 2003 at 11:34:36PM +0100, Michael Teichgräber wrote:

> I am using a keypair containing a primary DSA key and a subordinate
> encryption-only ElGamal key (as it is default). If I understand it
> right, there is only one passphrase for protecting both the primary
> and the subordinate key.
> 
> When using gpg (1.2.1) with gpg-agent, I normally have to enter my
> passphrase two times: When decrypting, and when signing.
> 
> This is because gpg sends a GET_PASSPHRASE with the key ID of the
> subordinate key in the first case, and with that of the primary key in
> the other case. However, in both cases the same passphrase will be
> returned.
> 
> If gpg would ask gpg-agent for the primary key ID in both cases, this
> would perhaps avoid the need for typing the passphrase a second
> time. Could this have unwanted side-effects?

It is very common to have the same passphrase for primary and subkeys,
but it is not required.  The agent needs to query for the exact key
that is to be used for this reason.

I suppose it could be possible to pass a hint to the agent that a key
is a subkey so it could try the passphrase for the primary key before
asking about the subkey.

David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2rc1 (GNU/Linux)
Comment: http://www.jabberwocky.com/david/keys.asc

iD8DBQE+idKZ4mZch0nhy8kRAhtnAKDSAG7HzbjaaxxZr6/LsvzpGph04gCgw5gO
LbUfN8PNXmcxqjXtllJrlwo=
=cWr4
-----END PGP SIGNATURE-----
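
A toy model of the caching behaviour discussed in this thread, as an added example that is not part of the original message and is not GnuPG code: the cache is keyed by exact key ID, and the hinted lookup suggested in the reply accepts the primary key's cached passphrase only after verifying that it unlocks the subkey. `ToyKey`, `ToyAgent`, `count_prompts` and the key IDs are hypothetical, and PBKDF2 stands in for the real secret-key protection.

```python
import hashlib, hmac, os

class ToyKey:
    """Stand-in for a passphrase-protected secret key (not real OpenPGP S2K)."""
    def __init__(self, keyid, passphrase):
        self.keyid = keyid
        self.salt = os.urandom(16)
        self._check = self._derive(passphrase)

    def _derive(self, passphrase):
        return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), self.salt, 10_000)

    def unlocks(self, passphrase):
        return hmac.compare_digest(self._derive(passphrase), self._check)

class ToyAgent:
    """Passphrase cache keyed by exact key ID, as described in the thread."""
    def __init__(self, user_input):
        self.user_input = user_input   # keyid -> what the user would type
        self.cache = {}
        self.prompts = 0

    def get_passphrase(self, key, primary=None):
        if key.keyid in self.cache:
            return self.cache[key.keyid]
        # Hypothetical hint: try the primary's cached passphrase first, but
        # accept it only if it really unlocks this subkey.
        if primary is not None:
            guess = self.cache.get(primary.keyid)
            if guess is not None and key.unlocks(guess):
                self.cache[key.keyid] = guess
                return guess
        self.prompts += 1              # fall back to asking the user
        pw = self.user_input[key.keyid]
        self.cache[key.keyid] = pw
        return pw

def count_prompts(primary_pw, sub_pw, use_hint):
    primary = ToyKey("PRIMARY-ID", primary_pw)   # constructed key IDs
    sub = ToyKey("SUBKEY-ID", sub_pw)
    agent = ToyAgent({primary.keyid: primary_pw, sub.keyid: sub_pw})
    signed = primary.unlocks(agent.get_passphrase(primary))            # signing
    hint = primary if use_hint else None
    decrypted = sub.unlocks(agent.get_passphrase(sub, hint))           # decrypting
    return agent.prompts, signed and decrypted

if __name__ == "__main__":
    print(count_prompts("same", "same", use_hint=False))
    print(count_prompts("same", "same", use_hint=True))
    print(count_prompts("one", "two", use_hint=True))
```

With differing passphrases the hinted path still prompts for the subkey, so the hint saves a prompt only in the common shared-passphrase case and never returns a passphrase that fails to unlock the requested key.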




More information about the Gnupg-devel mailing list