Multiple addresses: adduid vs. addkey vs --gen-key
Wed Mar 21 07:38:04 2001
I've read over the manual and I'm still a bit confused as to the
"best" way to use multiple email addresses. It seems to me there are
3 ways: adduid, addkey and --gen-key. I've detailed what the pros
and cons are (in my opinion) for each method. Please expand and/or
correct any of the issues.
This is probably what I want to use (but I just want to make sure).
My only issue is: what happens when I change email addresses? The
manual says that user IDs should not be deleted:
and user IDs cannot be revoked:
It mentions that I can *effectively* revoke the user ID using revsig.
However, as Josh Huber pointed out, the revoked key is visible
I can imagine after 20 years of use, there will be many revoked
signatures cluttering the valid signatures. Unless, of course, there
is some way to "hide" revoked IDs.
Ok, I'm not even sure what a subkey is and what its intended use is.
From what I can tell, you can use multiple subkeys to differentiate
between email addresses. The advantage here is that I can actually
revoke a subkey, where I cannot revoke a user ID. I'm guessing that
the passphrase is the same as the original (master?) key. I have no
idea what the disadvantages would be, although there must be something
I'm missing. :)
This would create 2 separate public/private key pairs (say I create
one for personal and one for work) with two separate passphrases, two
separate fingerprints, etc. This would seem like a good idea except
that it may confuse some people who interact with me on a work and
personal level. Plus I have to remember 2 passphrases and remember to
switch keys when signing/encrypting stuff. Besides, I really am one
person. In the "real" world I use the same signature on personal
documents as well as work documents, so why shouldn't I do the same in
the digital world? Besides, in reality, I have more than 2 email
addresses (though they could probably be grouped into "personal" and
Thanks for any insight!