this post was submitted on 09 Jan 2026
4 points (100.0% liked)

Privacy

4613 readers
599 users here now

Welcome! This is a community for all those who are interested in protecting their privacy.

Rules

PS: Don't be a smartass and try to game the system, we'll know if you're breaking the rules when we see it!

  1. Be civil and no prejudice
  2. Don't promote big-tech software
  3. No apathy and defeatism for privacy (i.e. "They already have my data, why bother?")
  4. No reposting of news that was already posted
  5. No crypto, blockchain, NFTs
  6. No Xitter links (if absolutely necessary, use xcancel)

Related communities:

Some of these are only vaguely related, but great communities.

founded 1 year ago
MODERATORS
otter@lemmy.ca
shaytan@lemmy.dbzer0.com
4
A little help with GnuPG (lemmy.world)
submitted 2 weeks ago by MITM0@lemmy.world to c/privacy@lemmy.dbzer0.com
7 comments fedilink hide all child comments
 

I want to some guidance.

So let's say you created a PGP key & then proceeded to create 2 subkeys. Is it possible to just export the particular subkeys only. (let's say one for encryption & the other for signing) for OTHERS to import into their keyring for authentication & encryption ?

you are viewing a single comment's thread
view the rest of the comments
[–] MITM0@lemmy.world 1 points 6 hours ago (1 children)

The thing is with each new primary-keys you have build up trust, but subkeys are associated.

It's a covenience thing

[–] ken@discuss.tchncs.de 2 points 6 hours ago* (last edited 6 hours ago) (1 children)

The trust comes from the association. You can't remove (or keep private) the association and expect to not have to separately rebuild the trust as a consequence. That what you are trying to do is made is inconvenient in GPG is quite intentional I believe. Or maybe I misunderstand your motivations, it's a bit ambiguous and you leave a lot open for interpretation.

[–] MITM0@lemmy.world 1 points 1 hour ago (1 children)

I just want to know if it can be done or not, if it cannot be done, then why ? If it can then how ?

[–] ken@discuss.tchncs.de 1 points 1 hour ago* (last edited 26 minutes ago)

Because it's not something people commonly do. Because the GPG authors wanted to design for and encourage what they consider appropriate use and discourage and make difficult (but not impossible) what they consider inappropriate use. Removing a footgun for people not fully understanding the trust model of PGP or just slipping up doing that and then ending up in situations they didn't account for. In general I could have a lot of criticism of the UI/UX of GPG but in this case I can see where they're coming from and find this thread supporting it as working as intended so far.

That you need to have deep knowledge of obscure GPG internals to pull this off is by design. It's not considered part of intended use. Similar thinking to why in Chromium you don't have a button to bypass HSTS validation error but need to type in the cheat code "thisisunsafe". It nudges users to stop and think more consciously about what's going on.