ietf-openpgp

Limited utility of master/subkey

2001-02-06 23:14:23
-----BEGIN PGP SIGNED MESSAGE-----

Does PGP7 or GnuPG provide the ability to use a separate
passphrase for the master key and its subkeys?  I'd like to
use my master key rarely, for key-signing only, and protect
it with a passphrase that I almost never use.  I'd then use
(limited-lifetime) subkeys for everyday decryption.
Ideally, I'd be able to make a subkey for everyday signing
of messages.  The OpenPGP specification would appear to
allow this, but I don't see any commands for doing so in the
implementations.

As an experiment, I generated such a master/subkey set and
imported it into PGP 6.5.3.  I found that it couldn't decrypt
material encrypted to the encryption subkey.  I then tried
the passphrase-changing dialog, and it (quite reasonably)
complained about "the" passphrase being incorrect, but it
did change the master's passphrase.  Even though I had
changed the passphrases to match, I was unable to decrypt until
I went through the passphrase-changing dialog yet again.

So, unless I'm missing something, it doesn't look like this
is possible.  I also see no way to generate a signing subkey.
Yes, I can create a completely separate key-signing key,
but this gives up the values of the master/subkey (notably,
being able to accumulate signatures on master/userId
relationships that automatically apply to all subkeys).
The very limited coupling available in the implementations
just doesn't buy very much.

Any thoughts?

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3

-----END PGP SIGNATURE-----
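
An added example, not part of the original message and not code from PGP or GnuPG: in the OpenPGP format each secret key packet (tag 5) and secret subkey packet (tag 7) carries its own string-to-key specifier and salt, which is what lets the specification allow separate passphrases. The sketch reads those fields from a constructed keyring with toy values; `secret_packet`, `protection` and the sample bytes are assumptions made for illustration.

```python
import struct

def mpi(n):
    """Encode an integer as an OpenPGP MPI: 2-byte bit count, then magnitude."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")

def secret_packet(tag, salt):
    """Constructed sample: old-format v4 RSA secret (sub)key packet, toy values."""
    body = bytes([4]) + struct.pack(">I", 981500000) + bytes([1])  # version, created, RSA
    body += mpi(0xC0FFEE) + mpi(65537)          # public MPIs n, e (toy, not a real key)
    body += bytes([255, 3])                     # S2K usage 255, cipher 3 (CAST5)
    body += bytes([3, 2]) + salt + bytes([96])  # iterated+salted S2K, SHA-1, salt, count
    body += bytes(8) + bytes(16)                # IV, then placeholder ciphertext
    return bytes([0x80 | (tag << 2) | 1]) + struct.pack(">H", len(body)) + body

def skip_mpi(buf, pos):
    """Return the offset just past the MPI that starts at pos."""
    bits = struct.unpack_from(">H", buf, pos)[0]
    return pos + 2 + (bits + 7) // 8

def protection(keyring):
    """Return (tag, s2k_usage, salt_hex) for each secret key (5) / subkey (7) packet."""
    out, pos = [], 0
    while pos < len(keyring):
        hdr = keyring[pos]
        if hdr & 0xC0 != 0x80 or hdr & 3 == 3:
            raise ValueError("only old-format, definite-length packets are handled")
        tag, nlen = (hdr >> 2) & 0x0F, (1, 2, 4)[hdr & 3]
        length = int.from_bytes(keyring[pos + 1:pos + 1 + nlen], "big")
        body = keyring[pos + 1 + nlen:pos + 1 + nlen + length]
        pos += 1 + nlen + length
        if tag not in (5, 7):
            continue                            # user IDs, signatures, etc.
        if body[0] != 4 or body[5] not in (1, 2, 3):
            raise ValueError("only v4 RSA keys are handled")
        p = skip_mpi(body, skip_mpi(body, 6))   # step over public n and e
        usage, salt = body[p], None
        if usage in (254, 255) and body[p + 2] in (1, 3):
            salt = body[p + 4:p + 12].hex()     # salted / iterated+salted S2K
        out.append((tag, usage, salt))
    return out

uid = b"Test User <test@example.invalid>"       # constructed user ID
SAMPLE = (secret_packet(5, b"MASTER__") + bytes([0xB4, len(uid)]) + uid
          + secret_packet(7, b"SUBKEY__"))

if __name__ == "__main__":
    for tag, usage, salt in protection(SAMPLE):
        print({5: "secret key", 7: "secret subkey"}[tag], "usage", usage, "salt", salt)
```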


