gpg-agent question
Todd
Freedom_Lover at pobox.com
Fri Dec 12 14:49:24 CET 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
David Shaw wrote:
> I was half kidding in my response.
Oh. I missed that. I figured you were just teasing me a little for
missing a feature that was already present.
> GnuPG can handle this, but not because of something special in
> GnuPG. Having different passphrases on different subkeys is a
> requirement of the OpenPGP format - each key is encrypted by itself.
I see.
> If the user happens to use a different passphrase on each, then the
> end result is a different passphrase on each.
That sounds redundant. It's like you said the same thing twice. :)
> The user interface in GnuPG doesn't allow you to make such a key,
> but if you can do it elsewhere, GnuPG will properly handle the key.
That explains the gpg-agent behavior then. Since I don't use
different passphrases for each key part, I found the prompting for
each annoying when I first encountered it. That's why I was curious
if it was done that way to accommodate some future version (or even
some other crypto system than OpenPGP, since the Aegypten project also
is working on S/MIME support). Now I know it's to be compliant with
the RFC. It's nice to know you guys try so hard to meet the specs!
Thanks for all the effort!
> The only way to do it right now is to manually build the key using
> gpgsplit. Export the secret key and gpgsplit it. Then, change the
> passphrase, re-export, and re-gpgsplit. Now copy the subkey with the
> new passphrase over the subkey with the old passphrase, leaving the
> other packets intact. Reassemble, and re-import the key. It's a
> hack.
No worry, I have no plans to do this. I can see some folks wanting to
use this and it having its place, but for my uses it would be
overkill.
Thanks again for the clarifications!
- --
Todd OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
======================================================================
Play "wheels on the bus" and get the hell out of my sight.
-- Stewie Griffin
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: When crypto is outlawed bayl bhgynjf jvyy unir cevinpl.
iD8DBQE/2hvEuv+09NZUB1oRAp9EAKCOhpMl/1jFwxiRLjk4wjYQ3f6anACgo/Ne
LVjXJ4heLzj5zblRLiEwiHI=
=6MnH
-----END PGP SIGNATURE-----
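
Added example, not part of the original message or of GnuPG: a minimal Python reader for the point made in the thread that each OpenPGP secret key packet is encrypted by itself, so the primary key and a subkey each carry their own protection parameters (and gpg-agent asks per key part). It assumes v4 RSA, Elgamal or DSA keys; the function names and the sample bytes are constructed for illustration and are not a usable key.

```python
PUB_MPIS = {1: 2, 2: 2, 3: 2, 16: 3, 17: 4}  # public MPI count: RSA, Elgamal, DSA

def packets(data):
    """Yield (tag, body) for each packet; definite lengths only."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                       # new-format header
            tag, n, i = hdr & 0x3F, data[i], i + 1
            if 192 <= n < 224:
                n, i = ((n - 192) << 8) + data[i] + 192, i + 1
            elif n == 255:
                n, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            elif n >= 224:
                raise ValueError("partial body lengths not handled")
        else:                                # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 3
            if ltype == 3:
                raise ValueError("indeterminate length not handled")
            size = 1 << ltype
            n, i = int.from_bytes(data[i:i + size], "big"), i + size
        yield tag, data[i:i + n]
        i += n

def protection(body):
    """Return (s2k_usage, cipher_id, salt) for a v4 secret-key packet body."""
    pos = 6                                  # skip version, creation time, algorithm
    for _ in range(PUB_MPIS[body[5]]):       # skip the public MPIs
        pos += 2 + (int.from_bytes(body[pos:pos + 2], "big") + 7) // 8
    usage = body[pos]
    if usage not in (254, 255):              # 0 = unprotected, else legacy cipher id
        return usage, None, None
    cipher, s2k_type = body[pos + 1], body[pos + 2]
    return usage, cipher, (body[pos + 4:pos + 12] if s2k_type in (1, 3) else None)

def key_protection(data):
    """List (role, s2k_usage, cipher_id, salt); tag 5 = primary, tag 7 = subkey."""
    return [("primary" if t == 5 else "subkey", *protection(b))
            for t, b in packets(data) if t in (5, 7)]

def sample_key(tag, salt):
    """Constructed, non-functional v4 RSA key packet with tiny dummy MPIs."""
    body = bytes([4, 0, 0, 0, 0, 1]) + b"\x00\x08\xc1" + b"\x00\x02\x03"
    body += bytes([254, 9, 3, 2]) + salt + bytes([96]) + bytes(16) + b"\xaa" * 24
    return bytes([0x80 | (tag << 2), len(body)]) + body

SAMPLE = sample_key(5, b"SALTprim") + b"\xb4\x04test" + sample_key(7, b"SALTsubk")
```

Running `key_protection` over the bytes of an exported secret key shows one independent S2K salt per key packet, which is why a key whose parts were protected separately can end up with a different passphrase on each.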