OpenPGP Secret Key Transfer

Guilhem Moulin guilhem at fripost.org
Mon Jun 5 16:12:15 CEST 2017


Hi there,

On Sun, 04 Jun 2017 at 17:04:59 -0400, Daniel Kahn Gillmor wrote:
> On Fri 2017-06-02 17:54:46 +0200, Werner Koch wrote:
>> On Fri,  2 Jun 2017 17:14, look at my.amazin.horse said:
>>
>>> Moving secret keys between devices at a meeting, is this a common use
>>> case? Can you elaborate?
>>
>> Project related (sub)keys.  Not very common today but I hope in the
>> future this will be a standard practice.
> 
> This idea is neat; but it sounds speculative and only useful to a
> certain subset of people (not everyone is involved with projects that
> use split or shared keys).

For signature verification I think we would need some mechanism to tell
GnuPG to limit the scope of this or that subkey.  FWIW I brought that up
to gnupg-devel in autumn 2015, and proposed to use certification
notation to limit subkey scopes:

    https://lists.gnupg.org/pipermail/gnupg-devel/2015-November/030576.html

(I wish I could limit the scope of the signing subkey I use for Debian
packages for instance, and take it offline. ;-)

Cheers,
-- 
Guilhem.