Add sign key only?

Chris Poole lists at
Sat Dec 11 21:25:46 CET 2010

> If you were forced to disclose your encryption key, you could give them just that particular subkey and not give them the signing subkey at all.

But isn't the likelihood that they'll get your passphrase too, so the
security lies in the hope that they don't have access to the signing
subkey? This seems quite likely to me... I doubt they'd let you go
away and send them just the encryption/decryption key.

Also, my public key has changed now to reflect this extra key, but the
fingerprint remains the same. I just need to send this new key to the
keyserver? I don't have to re-generate a revoke certificate, since my
encryption subkey hasn't changed, right?


More information about the Gnupg-users mailing list