Where to save passphrases?
sudhir at sudhirkhanger.com
Sat Jul 26 10:19:52 CEST 2014
On Sat, Jul 26, 2014 at 12:58 PM, Mathias Bauer <mbauer at mailbox.org> wrote:
> * Sudhir Khanger wrote on Sat, 26 Jul 2014, at 12:29 (+0530):
>> On Sat, Jul 26, 2014 at 3:06 AM, Mathias Bauer <mbauer at mailbox.org> wrote:
>> > Usually it's *one* passphrase for the whole GnuPG key
>> > material.
>> Do you not need to set a different passphrase for each subkey?
> No, usually not. If you generate a key using some GUI or if you
> are working on some terminal and use the command
> $ gpg --gen-key
> you will be asked for one passphrase only. Although this will
> create a main key and a subkey.
> There are more sophisticated scenarios which may use multiple
> passphrases. For example, if you want to use a so-called
> "offline key", you will have at least two passphrases: one for
> your offline key and one for your "daily working key".
Is using some single-sign-on method, like keychain or pam, to keep the gpg
passphrase cached in gpg-agent for the length of the user session, so that
one doesn't have to enter the gpg key passphrase every time one is sending
an email, considered a common practice? Or does that again fall into the
risky behavior category?