Where to save passphrases?

Sudhir Khanger sudhir at sudhirkhanger.com
Sat Jul 26 10:19:52 CEST 2014


On Sat, Jul 26, 2014 at 12:58 PM, Mathias Bauer <mbauer at mailbox.org> wrote:
> * Sudhir Khanger wrote on Sat, 26 Jul 2014, at 12:29 (+0530):
>
>> On Sat, Jul 26, 2014 at 3:06 AM, Mathias Bauer <mbauer at mailbox.org> wrote:
>
>> > Usually it's *one* passphrase for the whole GnuPG key
>> > material.
>>
>> Do you not need to set a different passphrase for each subkey?
>
> No, usually not.  If you generate a key using some GUI or if you
> are working on some terminal and use the command
>
>   $ gpg --gen-key
>
> you will be asked for one passphrase only.  Although this will
> create a main key and a subkey.
>
> There are more sophisticated scenarios which may use multiple
> passphrases.  For example, if you want to use a so-called
> "offline key", you will have at least two passphrases: one for
> your offline key and one for your "daily working key".
>
> Regards,
> Mathias

Is using some single-sign-on method, like keychain or pam, to keep the gpg
passphrase cached in gpg-agent for the length of the user session, so that
one doesn't have to enter the gpg key passphrase every time one is sending
an email, considered a common practice? Or does that again fall in the
risky behavior category?

-- 
Regards,
Sudhir Khanger.
sudhirkhanger.com
https://github.com/donniezazen


