What should '--local-user' mean when multiple secret keys match?

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Jan 31 23:13:26 CET 2019


On Tue 2019-01-29 11:19:59 +0100, Dashamir Hoxha wrote:
>      Make sure that you have only one secret key on each GNUPGHOME
>      (the old key on ~/.oldgnupg, and the new one on ~/.gnupg).

Thanks, this is definitely another functional workaround that I could
probably do in some contexts, but I can see how it would be difficult
for a novice user (someone who doesn't even know what environment
variables are).  And it could also be problematic for (for example) a
mail user agent, which is receiving mail that is encrypted to both the
old key and the new key.  Which GNUPGHOME should that mail user agent be
pointed to in order to handle incoming mail? (not to mention accessing
historical mail archives)

> From my experience (and meditation) I have arrived at the conclusion
> that usually it is better to keep only one secret key per context (or
> GNUPGHOME), and to change the context whenever you need to use a
> different key.

This is a super interesting observation.  Do other people have the same
experience?  It seems to me that keeping the public keyrings in sync
alone would be a fair amount of hassle.  Can you describe any other
scenarios where that might improve the user experience?  I want to
really focus on making it easy for even a non-technical user to do
sensible things easily, in particular here: a planned, phased-in,
non-sudden key transition.  Can you give other examples of where the
separated secret keyring is concretely useful and usable?

          --dkg