dadoug
commented
7 years ago In terms of "best practice" this a good idea that never dawned on me for integration here; thanks for pointing it out.
I agree with your intuition is that it's a rather subtle concept that one could have different passphrases for the "same" key and so, in terms of integration into this software, I like the idea that this is an extra feature that one can call if so desired.
I like --different-sub-key-passphrase as the option name since one isn't exactly actively "chang"-ing a key.
codebrewer
The Debian wiki article Using OpenPGP subkeys in Debian development suggests changing the passphrase protecting the sub-keys (at step 6, after removing the private master key at step 5). As the article says:
I believe it's not possible to change the passphrase on just the sub-keys if the private master key is present (as the passphrase on the private master key would be changed too), so this is something that only makes sense if the private master key has been removed (which of course is the default behaviour for
gneasy-genkey).The downside to doing this is that the user needs to remember two passphrases - one for everyday signing, decrypting and authenticating and the other for re-importing the private master key and using it (for certification, generating new sub-keys etc.).
If this feature is considered desirable then the question is whether to enable it by default or not. It's arguably an "advanced" feature so perhaps disabled by default? It could be enabled by one of these (or whatever):
--keep-passphrase false--keep-master-passphrase false--change-passphrase--change-sub-key-passphrase--change-subkey-passphrase(I'm assuming this should be possible with a state machine but I haven't tried it yet.)The state machine approach works for this.