Concerning subkey passwords: changes to private key storage method?

Werner Koch wk at gnupg.org
Sat Oct 22 12:43:15 CEST 2016


On Thu, 20 Oct 2016 12:29, initramfs at initramfs.io said:

> If I recall correctly, GPG private keys are stored under symmetric
> encryption where a PBKDF derives the symmetric encryption key,
> protecting the keys in case of compromise. Having separate passwords per
> subkey implies that each key is encrypted and stored separately. This

Right.  However, gpg tries to make sure that the same passphrase is used
for the primary and the subkeys.  This has always been the case.

A new thing we do in 2.1 is to try a cached passphrase from any key on
the keyblock.  This solves the common use case to first decrypt a
message (using a subkey) and then send a signed reply (using the primary
key).


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
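
The behaviour described in the message above, as an added example that is not part of the original post and is not GnuPG code: each key on a keyblock is protected separately under a passphrase-derived key, and cached passphrases from sibling keys are tried before prompting. The class names, the PBKDF2 parameters and the HMAC check value (standing in for the real encrypted key material) are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

ITERATIONS = 10_000  # constructed value, kept low so the demo runs quickly

def derive(passphrase: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS)

class ProtectedKey:
    """One separately stored private key (primary or subkey); hypothetical model."""
    def __init__(self, key_id: str, passphrase: str):
        self.key_id = key_id
        self.salt = os.urandom(16)
        # Stand-in for the encrypted key material: a tag only the right passphrase reproduces.
        self.check = hmac.new(derive(passphrase, self.salt), b"check", "sha256").digest()

    def unlock(self, passphrase: str) -> bool:
        tag = hmac.new(derive(passphrase, self.salt), b"check", "sha256").digest()
        return hmac.compare_digest(tag, self.check)

class Agent:
    """Caches passphrases per key and tries sibling entries before prompting."""
    def __init__(self, keyblock, prompt):
        self.keyblock = {k.key_id: k for k in keyblock}
        self.prompt = prompt      # callable standing in for the passphrase dialog
        self.cache = {}           # key_id -> passphrase
        self.prompts = 0

    def use(self, key_id: str) -> str:
        key = self.keyblock[key_id]
        # Cached passphrases from any key on the keyblock are candidates.
        for candidate in list(self.cache.values()):
            if key.unlock(candidate):
                self.cache[key_id] = candidate
                return "cache"
        self.prompts += 1
        entered = self.prompt(key_id)
        if not key.unlock(entered):
            raise PermissionError(f"bad passphrase for {key_id}")
        self.cache[key_id] = entered
        return "prompt"

def demo(primary_pw: str, subkey_pw: str):
    """Decrypt with the subkey, then sign with the primary key."""
    answers = {"primary": primary_pw, "subkey": subkey_pw}
    keys = [ProtectedKey(name, pw) for name, pw in answers.items()]
    agent = Agent(keys, prompt=answers.__getitem__)
    return agent.use("subkey"), agent.use("primary"), agent.prompts
```

With one passphrase on both keys, `demo` returns a single prompt followed by a cache hit; with different passphrases the cached entry fails to unlock the primary key and a second prompt is needed.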

More information about the Gnupg-users mailing list