On Mon 2015-01-12 10:13:48 -0500, s7r wrote: > Is it possible to have one masterkey with two subkeys (sbind), one for > encrypt only and one for sign only, and each of them to have different > passphrases?
Yes, it is possible. with gpg 2.1, you can create new subkeys and give each of them a different passphrase. I haven't tested with 1.4 or 2.0. > Additionally, how can I select in enigmail which userID I want to sign > when signing a key with multiple UserIDs? I do not want to sign the > primary one. Enigmail just offers me the ability to 'sign key', > nothing said about UserID, just lets me select either normal signature > or local signature not exportable. The thing that you're signing with is a key. it's either your primary key, or a signing-capable subkey. Your User IDs are all associated with your primary directly (and with your subkeys indirectly, through the primary key). The OpenPGP standard defines a way to embed the preferred user ID in a given signature using a "signer's user ID" subpacket [0], but it has several drawbacks: * i'm not sure how to do it in GnuPG, which enigmail relies on for the OpenPGP parts, and * it's not clear what a receiving MUA should do with that information, even if it was present. So i don't think this is a feature request that makes a lot of sense, really. Can you explain more what you'd hope to gain from such a configuration? --dkg [0] https://tools.ietf.org/html/rfc4880#section-5.2.3.22 _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
