It's time for PGP to die.

Robert J. Hansen rjh at
Mon Aug 18 15:51:40 CEST 2014

> Much of the discussion has been about what analogy comes closest. Prosecutors
> tend to view PGP passphrases as akin to someone possessing a key to a safe
> filled with incriminating documents.


Nobody really cares what prosecutors view it as: the question is what 
they can get a judge to rule it as.

That said, the analogy is pretty much exact.  If the documents in the 
safe would incriminate you, and the government knows they exist and 
roughly what their contents are, then yes, you can be subpoenaed to 
provide them.  (If the government doesn't know they exist or generally 
what their contents are, the subpoena gets rejected as an illegal 
fishing expedition.)

If knowing the combination *by itself* would incriminate you, then you 
can't be compelled to provide.

For instance, let's say that a safe has been robbed.  There's no signs 
of forced entry or safecracking.  The government demands you cough up 
the combination, in order to prove that you had the means to commit the 
crime.  You object on grounds that proving you had the means to commit 
the crime would tend to implicate you in the crime.  The judge refuses 
the government's motion to compel you to produce the combination in court.

More information about the Gnupg-users mailing list