Chuck Peters
2013-09-24 00:21:09 UTC
I attended a small key signing party Saturday after generating a new key
with multiple subkeys with the notion of having email signing keys on
less secure systems like my VPS (using mutt) and a separate subkey for
each computer or device.
https://wiki.debian.org/subkeys says "The really useful part of subkeys
is that they can be revoked independently of the master keys, and also
stored separately from them." So I can keep my primary key off the
network and use it only for signing other people's keys.
Another sensible precaution is to have different passphrases for each of
these subkeys. However when working with the full key set when I
attempted to change the passphrase for a subkey, it also changed the
passphrase for the main key. I'm assuming at this point when I separate
the keys, I can change the passphrase as planned... Is this a bug?
Should I file a bug report?
Then I decided I should do some more reading and get a better
understanding of subkeys and of the more recent documentation and blogs
I found the following:
http://www.gnupg.org/faq/subkey-cross-certify.en.html
https://alexcabal.com/creating-the-perfect-gpg-keypair/
http://blog.dest-unreach.be/wp-content/uploads/2009/04/pgp-subkeys.html
https://grepular.com/Android_Privacy_Guard_and_Subkeys
OK, the FAQ is the first I heard about subkey cross-certification. Is
that info current and correct? What is recommended?
Does anyone have some pointers on personal or organizational Policy and
Best Practices documents under a copyright or license terms that allow
modification?
Thanks,
Chuck