Add sign key only?

Hauke Laging mailinglisten at hauke-laging.de
Sat Dec 11 22:55:35 CET 2010


On Saturday, 11 December 2010 17:36:46, Chris Poole wrote:

> Also, since I have two subkeys for encryption and signing, both use the
>  same passphrase, so I don't see how it'll stop anyone who gets my
>  encryption key being able to sign documents as me too.

1) Make a backup of the public (--export) and then of all secret keys
(--export-secret-keys).

2) Delete the signing subkey.

3) Change the passphrase (--edit-key ...; passwd)

4) Export the secret subkey (the one for encryption): --export-secret-subkeys

5) Delete the key and import the backup.

Now you have a file with the key you may be forced to give away. This file is 
passphrase protected but with a different passphrase.


Depending on the scenario it may not be necessary to give away your private 
key but be enough to give away the symmetric keys for the respective files. 
See --show-session-key.


Hauke
-- 
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
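
A check for the file produced in step 4, as an added example that is not part of the original message: it walks the OpenPGP packets (RFC 4880) of a binary export and reports, per secret key packet, whether real secret material is present or only the GnuPG stub that --export-secret-subkeys writes in place of the primary key. The function names and the sample bytes are this example's own constructions; only non-armored input and v4 RSA/Elgamal/DSA keys are handled.

```python
import hashlib
# Public MPI count per algorithm id (RFC 4880): RSA 1-3, Elgamal 16, DSA 17.
PUBKEY_MPIS = {1: 2, 2: 2, 3: 2, 16: 3, 17: 4}
# Constructed sample, not real key material: primary stub, user ID, protected subkey.
SAMPLE = bytes.fromhex("9414 04 4d03f2a7 01 0008c3 000511 ff006500474e5501"
                       "b407 6578616d706c65 9c20 04 4d03f2a8 10 0008fb 000305 00074a"
                       "fe090302 0011223344556677 60 deadbeef")

def packets(data):
    """Yield (tag, body) for each packet of a binary (non-armored) export."""
    i = 0
    while i < len(data):
        h, i = data[i], i + 1
        if not h & 0x80:
            raise ValueError("not an OpenPGP packet (ASCII-armored input?)")
        if h & 0x40:                                   # new-format header
            tag, o = h & 0x3F, data[i]
            if o < 192: n, i = o, i + 1
            elif o < 224: n, i = ((o - 192) << 8) + data[i + 1] + 192, i + 2
            elif o == 255: n, i = int.from_bytes(data[i + 1:i + 5], "big"), i + 5
            else: raise ValueError("partial body lengths not handled")
        else:                                          # old-format header
            tag, w = (h >> 2) & 0x0F, 1 << (h & 3)
            if w == 8: raise ValueError("indeterminate length not handled")
            n, i = int.from_bytes(data[i:i + w], "big"), i + w
        yield tag, data[i:i + n]
        i += n

def secret_key_report(data):
    """Return (kind, fingerprint, protection) for each secret key/subkey packet."""
    out = []
    for tag, body in packets(data):
        if tag not in (5, 7):                          # 5 = secret key, 7 = secret subkey
            continue
        if body[0] != 4 or body[5] not in PUBKEY_MPIS:
            raise ValueError("only v4 RSA/Elgamal/DSA keys handled")
        p = 6                                          # version, 4-byte time, algorithm
        for _ in range(PUBKEY_MPIS[body[5]]):          # skip the public MPIs
            p += 2 + (int.from_bytes(body[p:p + 2], "big") + 7) // 8
        fpr = hashlib.sha1(b"\x99" + p.to_bytes(2, "big") + body[:p]).hexdigest().upper()
        # GnuPG stub: S2K usage 254/255, S2K type 101, "GNU", mode 1 (2 = on card).
        if body[p] in (254, 255) and body[p + 2] == 101 and body[p + 4:p + 7] == b"GNU":
            prot = "stub, no secret material" if body[p + 7] == 1 else "stub, secret on smartcard"
        else:
            prot = "UNPROTECTED secret" if body[p] == 0 else "passphrase-protected secret"
        out.append(("primary" if tag == 5 else "subkey", fpr, prot))
    return out

if __name__ == "__main__":
    for row in secret_key_report(SAMPLE):
        print(*row)
```

To check a real export, read the file in binary mode and pass its bytes to secret_key_report; the fingerprints can be compared with the subkey fingerprints gpg lists when --fingerprint is given twice.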