On Wed, 30 Mar 2005 13:53:47 +0200, Dirk Traulsen said:

> This sounds interesting. Please help me to clarify it a bit.
> After some tests and reading in my understanding it works like this:

[1...7]

Correct.

> When system2 would be cracked, an attacker would not have access to
> the secret part of my main key (really?).

Correct. The secret key is not on system2. This is indicated by a
hash mark like:

  sec#  1024D/5B0358A2 1999-03-15 [expires: 2009-07-11]
  uid                  Werner Koch <[EMAIL PROTECTED]>
  uid                  Werner Koch <[EMAIL PROTECTED]>
  ssb   1024D/010A57ED 2004-03-21
  ssb   2048R/B604F148 2004-03-21

(A similar thing is with smartcards, there a '>' indicates that the
secret key is actually stored on a smartcard).

> But for me it would still be possible to go to system1 and
> a. change my passphrase
> b. revoke the compromised subkeys
> c. add new subkeys and start the cycle again
> without losing all the signatures on my uid in the primary key, what
> would have been the case, if I had to revoke the complete key.

Correct.

> The only negative point is, that I have to go to system1 to maintain
> my key.
> Is this correct?

Yes.

Salam-Shalom,

   Werner
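An added example, not part of the original message and not GnuPG code: a small Python check that reads a secret-key listing in the layout quoted above and reports whether the primary secret key is absent from the machine (the '#' marker) while the subkeys remain usable. The function names, the finding strings and the second sample listing are assumptions made for illustration; the uid lines are placeholders.

```python
import re

# Marker directly after "sec"/"ssb", as described in the message:
# '#' = secret part not on this machine, '>' = secret part on a smartcard.
MARKERS = {"": "present", "#": "absent", ">": "smartcard"}
KEY_LINE = re.compile(r"^(sec|ssb)([#>]?)\s+(\S+)")

def parse_secret_listing(text):
    """Return (record, key_spec, location) for every sec/ssb line."""
    keys = []
    for line in text.splitlines():
        m = KEY_LINE.match(line.strip())
        if m:
            record, marker, spec = m.groups()
            keys.append((record, spec, MARKERS[marker]))
    return keys

def audit_everyday_machine(text):
    """Findings for a day-to-day machine (system2 in the thread)."""
    keys = parse_secret_listing(text)
    findings = []
    if not any(record == "sec" for record, _, _ in keys):
        findings.append("no primary key record found")
    for record, spec, location in keys:
        if record == "sec" and location == "present":
            findings.append(f"primary secret key {spec} is stored on this machine")
        if record == "ssb" and location == "absent":
            findings.append(f"subkey {spec} has no secret part on this machine")
    return findings

# Listing from the message; uid replaced by a placeholder.
SAMPLE_SYSTEM2 = """\
sec#  1024D/5B0358A2 1999-03-15 [expires: 2009-07-11]
uid                  Example User <user@example.org>
ssb   1024D/010A57ED 2004-03-21
ssb   2048R/B604F148 2004-03-21
"""

# Constructed listing: primary secret key still present (no '#').
SAMPLE_FULL = """\
sec   1024D/AAAAAAAA 2005-01-01
uid                  Example User <user@example.org>
ssb>  2048R/BBBBBBBB 2005-01-01
"""

if __name__ == "__main__":
    for name, listing in (("system2", SAMPLE_SYSTEM2), ("full", SAMPLE_FULL)):
        print(name, audit_everyday_machine(listing) or "ok")
```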