On 12/11/10 3:25 PM, Chris Poole wrote: >> If you were forced to disclose your encryption key, you could give them just >> that particular subkey and not give them the signing subkey at all. > > But isn't the likelihood that they'll get your passphrase too, so the > security lies in the hope that they don't have access to the signing > subkey? This seems quite likely to me... I doubt they'd let you go > away and send them just the encryption/decryption key. >
If you're voluntarily handing the key over to the authorities because of a court order or something, you could delete the signing key, change the passphrase, run export-secret-subkeys, and they'll still get everything they want. Having a seperate encryption key probably doesn't help with a malicious attacker, or someone who's forcing you to hand over the key with a rubber hose. -- Grant "I am gravely disappointed. Again you have made me unleash my dogs of war." _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
