passphrases: the police and subkeys scenario

[David Shaw]

On Wed, Jun 11, 2008 at 03:41:05PM -0400, Rick Valenzuela wrote:
> I'm now confused about creating a separate subkey for encrypting, as
> opposed to creating one keypair that signs and encrypts. The example
> I've seen around is that if you're set up the subkey way and the police
> demand the private part of your key, you don't have to sacrifice your
> primary key, which carries all your signatures. (I hope I said that
> correctly.)

The signatures are actually on both the primary key and your user IDs,
but that's basically correct.

> Well, I understood that as meaning I would have separate passphrases for
> the subkey and the primary key: Apparently, that's not possible. So then
> how would this police scenario play out? If supposing then that TSA or
> some entity forces me to give up my passphrase for decryption purposes,
> then I've compromised everything, no?

GPG (somewhat) supports different passphrases on subkeys and primary
keys.  The catch is that it does not generate such a key itself, so if
you want it, you have to generate it manually.

An easy way to handle the police scenario you give is to remove the
passphrase from your key, use --export-secret-subkeys to export just
the subkeys to a file, then put the passphrase back on your key.  Give
the police the subkey file, and you're done.  They then have the
ability to decrypt, but don't have your primary key.

That's just talking crypto, of course.  If it ever comes down to this
in the real world, I'd recommend talking to a good lawyer before you
do anything.

David