Key usage / Number of keys
Tue, 19 Dec 2000 12:17:41 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hi there, GaryP,
On 19 December 2000, I received the following message from you regarding
"Key usage / Number of keys"
G> I've generated a key pair at home which I use to enc and sign
G> messages. I keep my trustdb, and seckey ring on write protected floppy
G> disk, to prevent any other user modifying the contents. Mainly on floppy
G> to reduce the time it's actually available for copying on the computer. I
G> know there are ways around this, but it makes it a little harder for
G> people to get access to my secring.
G> The question is, I want to sign / enc emails sent from work, should I
G> generate a new key pair for use just at work, allowing a separate ID
G> that would contain my works email as opposed to my home email. Or should
G> I simply use the home key that I have on floppy disk?
G> Problem with the first is now having two keys / trust dbs etc to
G> maintain, but this does mean I can use a different passphrase, meaning
G> if the passphrase was captured it would only compromise my work and not
G> home keys. (and vice-versa). This is even more true, by the fact that
G> the works computer will be shared with other users, I have a lot more
G> control over how and who uses my home computer (aside from really
G> paranoid ideas of people breaking in to my home computer, which I'm not
G> worried about, my information isn't that important ;-)
G> Problem with the second is the user id will be my home email address
G> and not my works email, which some people may find strange.
G> Does anyone else do something similar to this? Do you have two keys?
G> Or have you found another way around this?
As a general rule, under both GnuPG and PGP, I generate a key pair for
*each e-mail address* I shall use to send signed/encrypted mail. If
you are really trying to make your mail as secure as possible, each
key pair will have a different passphrase, but for a small number of
addresses a common passphrase would do (although if the passphrase is
known by others they will then know all your passphrases...so it's
often a trade-off between security and what you can remember).
You can keep all your keys on a floppy which is then used from machine
to machine (I've never actually done this with GnuPG, only with PGP
Hope this helps..
Graham reply to: email@example.com
Please PGP/GnuPG sign mail for verification and encrypt for internet security
Written on 19 December 2000 12:11:02
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4b-winpt (MingW32)
Comment: For info see http://www.gnupg.org
-----END PGP SIGNATURE-----
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to firstname.lastname@example.org