how to do

J. David Boyd jdavidboyd at
Thu Jul 10 15:13:30 CEST 2014

"Paul R. Ramer" <free10pro at> writes:

> On July 9, 2014 11:40:06 AM PDT, MFPA <2014-667rhzu3dc-lists-groups at> wrote:
>>Hash: SHA512
>>On Wednesday 9 July 2014 at 5:54:36 PM, in
>><mid:3222188.kZ1ztGDBqg at inno>, Hauke Laging wrote:
>>> On Tue 08.07.2014, 14:41:36, J. David Boyd wrote:
>>>> which means that any of them can make changes to your
>>>> keys.
>>> And that is wrong.
>>Please can you elaborate on how it is incorrect to say that somebody
>>who knows the passphrase to a secret key can make changes to that key.
>>Would this maybe be the case when using an encryption subkey with an
>>offline main key?
> If you make encryption and signing subkeys you can export them
> (i.e. the secret subkeys), create a new gnupg home directory, import
> the subkeys, change the password on them, and finally, export and
> distribute them to the people who are supposed to use them.
> By doing this you can have a person who manages the master key
> separately under another password and the authorized users can use the
> encryption and signing secret subkeys without being able to make
> changes to them.
> The person who manages the master key can add new UIDs for any new
> user and give that person a copy of the secret subkeys with the
> password.  The only problem that I see right away is revoking control
> when one of the users leaves.  One way that you could remedy this is
> to revoke the old subkeys and issue new ones.
> I am not recommending this method but it is a way that it can be done.
> Anyway...
> Cheers,
> -Paul
> --
> PGP: 3DB6D884

Wow, that would be a lot of work.  Actually, I didn't even know you could do
that.  GPG is versatile, to say the least.

PGP: 96569433
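
The procedure described in the quoted message, as an added shell example that is not part of the original thread. It assumes GnuPG 2.x (for `--passwd`); the key ID, directory and file names passed in are placeholders, and `run`, `primary_is_stub` and `make_user_bundle` are names made up for this example. The check relies on GnuPG's `--with-colons` listing marking a stubbed (absent) secret key with `#` in field 15.

```shell
#!/bin/sh
# Added example, not from the thread. KEYID and all paths are placeholders.
# Usage: DRY_RUN=1 make_user_bundle KEYID ./userhome ./subkeys-for-users.asc

# Run a command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Reads `gpg --list-secret-keys --with-colons` output on stdin. Succeeds only
# if every primary ("sec") record has '#' in field 15, meaning the primary
# secret key is a stub and this keyring cannot add UIDs, subkeys or revocations.
primary_is_stub() {
    awk -F: '$1 == "sec" { n++; if ($15 != "#") bad++ }
             END { exit !(n > 0 && bad == 0) }'
}

# make_user_bundle KEYID NEW_HOMEDIR OUTFILE
make_user_bundle() {
    keyid=$1 userhome=$2 out=$3
    run mkdir -m 700 "$userhome" || return 1
    # 1. Export only the secret subkeys from the master holder's keyring.
    run gpg --output "$userhome/subkeys.gpg" --export-secret-subkeys "$keyid" || return 1
    # 2. Import them into the fresh home directory, then drop the export file.
    run gpg --homedir "$userhome" --import "$userhome/subkeys.gpg" || return 1
    run rm -f "$userhome/subkeys.gpg"
    # Refuse to continue if the primary secret key came along by mistake.
    if [ "${DRY_RUN:-0}" != 1 ]; then
        gpg --homedir "$userhome" --list-secret-keys --with-colons "$keyid" |
            primary_is_stub || { echo "primary secret key present, aborting" >&2; return 1; }
    fi
    # 3. Give the subkeys their own passphrase, separate from the master's.
    run gpg --homedir "$userhome" --passwd "$keyid" || return 1
    # 4. Export the re-protected subkeys for distribution to the users.
    run gpg --homedir "$userhome" --armor --output "$out" --export-secret-subkeys "$keyid"
}
```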
