multiple keys vs multiple identities

David Shaw dshaw at jabberwocky.com
Fri Sep 24 15:54:41 CEST 2010


On Sep 24, 2010, at 8:15 AM, Vjaceslavs Klimovs wrote:

> Hi,
> If I have multiple unrelated e-mail accounts, is it better to create
> one key pair with multiple identities or a separate key pair for every
> account?

It's really a matter of taste.  Some people like using different keys for different roles in their life (similar to how they'd use different email addresses for home and work).

Arguing for different keys: if one key is compromised, the other one isn't.  Some people have a different machine at home and in the office, so leaving the home key on the office computer is less than optimal.

Arguing for the same key: it's easier to build a web of trust if you don't have to get signatures twice.

Personally, I'd use different keys, but again, this is a matter of taste.

> Is it a good idea to create 4096 bit keys when creating a new key pair? I
> read through the archives on this mailing list, and it seems there are no
> real disadvantages of doing so.

It won't work with the current generation of OpenPGP smartcards.  It also will be dreadfully slow if you (or someone you are communicating with) ever uses the key on a small machine (think smart phone).  If you are usually on a "full power" computer, then they generally have the CPU to spare for this sort of thing, and you'll rarely if ever notice a difference.

David



