Dear GnuPG mailing list,

Recently I've attempted to create a new GPG key (one master + 2 subkeys) with gpg --full-gen-key --expert and at the end of the key generation process (including gpg --edit-key --expert) I noticed I never got to set specific passwords/passphrases per subkey. This comes in contrast to my older GPG 2.1 master key, which requires a separate password per subkey (and one for the master).

If I recall correctly, GPG private keys are stored under symmetric encryption where a PBKDF derives the symmetric encryption key, protecting the keys in case of compromise. Having separate passwords per subkey implies that each key is encrypted and stored separately. This does not seem to be the case with newer keys. Has the key storage method changed? Or am I missing an obvious option to set it as such?

What's even more weird is that if I import my old master key into keychain, I get the "old" behavior of separate passwords for that specific key. Exporting and reimporting does not change the behavior. Whereas there doesn't seem to be an option (at least in --edit-key) to use the behavior of one password per subkey.

Was there a change made within the 2.1.x branch that changed the behavior of key storage/encryption? If so, is there a way to toggle between the aforementioned behaviors?

Regards,
initramfs

N.B. I'm fairly certain the "old" key I have was created with GPG 2.1 given that it's an ECC key. I've recently moved from Arch to Gentoo, if that matters at all (using the same GnuPG version).

_______________________________________________
Gnupg-users mailing list
http://lists.gnupg.org/mailman/listinfo/gnupg-users
