Different passphrase for subkey

Hauke Laging mailinglisten at hauke-laging.de
Wed Jul 31 03:05:31 CEST 2013

Am Di 30.07.2013, 22:58:37 schrieb atair:
> Hi,
> is it possible to have a master key and several subkeys with the
> subkeys having a different (e.g. shorter) passphrase than the master
> key?

What you are probably looking for is an offline mainkey (see --export-secret-
subkeys). But the answer is: yes. gpg-agent does not care about the connection 
of keys. It asks you even for the same passphrase several times (for different 
components of the same key).

But GnuPG does not support this directly.

1) Export the secret key (--export-secret-keys without --armor)

2) change the passphrase

3) Export again (to a different file, of course)

4) Use gpgsplit on both files (in different directories). The result looks 
like this:


5) Now you mix the components of the two groups:
mkdir combined
mv a/000001* a/000002* a/000003* combined/
mv b/000004* b/000005* combined/
cd combined/
cat * > different_passphrases.gpg

6) Delete the key from secring: --delete-secret-key

7) Import the new one: gpg --import different_passphrases.gpg

Crypto für alle: http://www.openpgp-schulungen.de/fuer/bekannte/
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 572 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20130731/ba9518c6/attachment.sig>

More information about the Gnupg-users mailing list