It's time for PGP to die.

Jerry jerry at
Mon Aug 18 13:13:21 CEST 2014

On Mon, 18 Aug 2014 10:04:54 +0100, Rob Ambidge stated:

> I read an article or something a while back stating the legal theory that
> if your passphrase is an admittance to a past crime, to hand over said
> passphrase would constitute as having said "testimonial value" and you
> could get away with not disclosing the passphrase. But it is just legal
> theory, and I am no expert in law, american law, or even cryptography. So
> what happens in practice is anyone's guess really.
> On 18 August 2014 07:01:46 BST, Johan Wevers <johanw at>
> wrote:
> >On 17-08-2014 22:42, Robert J. Hansen wrote:
> >
> >> The only time production of a passphrase is permitted is when
> >> it lacks any testimonial value.
> >
> >And who determines wether it has any "testimonial value"?
> >
> >That sounds like a fine legal loophole to pressure someone into telling
> >the passphrase. In those cases where the US government is actually
> >interested in paying lip service that it will obey the law that is -
> >they could just as easily declare you an "illegal combattant" or
> >something like that and just torture it out of you.

Much of the discussion has been about what analogy comes closest. Prosecutors
tend to view PGP passphrases as akin to someone possessing a key to a safe
filled with incriminating documents. That person can, in general, be legally
compelled to hand over the key. Other examples include the U.S. Supreme Court
saying that defendants can be forced to provide fingerprints, blood samples,
or voice recordings.

The entire article is available here:


More information about the Gnupg-users mailing list