I do not think that PGP 2.x can easily (i.e., automatically) use one key for Signing and another for Encrypting a Message (it does both at the same time if you ask). If I "Clear Sign" a message and then Encrypt it, then I get the result, but I'm not sure if doing the decrypt on such a message will automatically spot the signature and verify it (as would occur with an E+S pass).
PGP identifies the key for decryption and signature checking from the message. When you're signing a message or key, you can pick which of your keys to use with the -u option. The difficulty is getting people to use your encryption key instead of your signature key when encrypting stuff for you. Derek mentioned one approach (get people to load the encryption key first); unfortunately, you can't predict their behavior, and if you change encryption keys more often than signature keys, they'll load the newest encryption key last. Another approach is to identify them in the names - my key certification key says "KeyCert-only" in the text.

For the problem that started this discussion, though, there's no good solution. Since the Bad Guys _can_ encrypt a message to you with your signature key, and send it to you by anonymous remailer, they can plant a reason to suspect that you may have evidence encrypted with that key.

#---
# Thanks; Bill
# Bill Stewart, Freelance Information Architect, stewarts@ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---