Concerning subkey passwords: changes to private key storage method?

Werner Koch wk at
Sat Oct 22 12:43:15 CEST 2016

On Thu, 20 Oct 2016 12:29, initramfs at said:

> If I recall correctly, GPG private keys are stored under symmetric
> encryption where a PBKDF derives the symmetric encryption key,
> protecting the keys in case of compromise. Having separate passwords per
> subkey implies that each key is encrypted and stored separately. This

Right.  However, gpg tries to make sure that the same passphrase is used
for the primary and the subkeys.  This has always been the case.

A new thing we do in 2.1 is to try a cached passphrase from any key on
the keyblock.  This solves the common use case to first decrypt a
message (using a subkey) and then send a signed reply (using the primary



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 162 bytes
Desc: not available
URL: </pipermail/attachments/20161022/070b595c/attachment.sig>

More information about the Gnupg-users mailing list