Different passphrase for subkey
Hauke Laging
mailinglisten at hauke-laging.de
Wed Jul 31 03:05:31 CEST 2013
Am Di 30.07.2013, 22:58:37 schrieb atair:
> Hi,
>
> is it possible to have a master key and several subkeys with the
> subkeys having a different (e.g. shorter) passphrase than the master
> key?
What you are probably looking for is an offline mainkey (see --export-secret-
subkeys). But the answer is: yes. gpg-agent does not care about the connection
of keys. It asks you even for the same passphrase several times (for different
components of the same key).
But GnuPG does not support this directly.
1) Export the secret key (--export-secret-keys without --armor)
2) change the passphrase
3) Export again (to a different file, of course)
4) Use gpgsplit on both files (in different directories). The result looks
like this:
000001-005.secret_key
000002-013.user_id
000003-002.sig
000004-007.secret_subkey
000005-002.sig
5) Now you mix the components of the two groups:
mkdir combined
mv a/000001* a/000002* a/000003* combined/
mv b/000004* b/000005* combined/
cd combined/
cat * > different_passphrases.gpg
6) Delete the key from secring: --delete-secret-key
7) Import the new one: gpg --import different_passphrases.gpg
Hauke
--
Crypto für alle: http://www.openpgp-schulungen.de/fuer/bekannte/
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 572 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20130731/ba9518c6/attachment.sig>
More information about the Gnupg-users
mailing list