Same private key on multiple sites
Justin R. Miller
justin@solidlinux.com
Sun Sep 2 02:24:01 2001
--Bn2rw/3z4jIqBvZU
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Thus spake David Shaw (dshaw@jabberwocky.com):
> Also look at --export-secret-subkeys, which does almost the same
> thing, but blanks out the secret part of the primary signing key.
>=20
> This is really useful as it lets you keep the important primary key
> (the one that collects signatures, and thus ties you to the web of
> trust) offline altogether, and just use subkeys which are easily
> creatable and revocable to do your work. I'm a big fan of this
> feature, as I also need to have keys in multiple places.
I've had this message around for a while, planning on going back to it
and learning about this. Can anyone elaborate on this a bit? As I
understand it, you have a master key which is used for signatures (but
is that digital signatures, or key signing?) and which collects
signatures, and you have a subkey which is used for decryption. So by
"your work", you mean just decryption? Or is there a safe way to
transport your method of signing? Also, on a similar point, I know that
the recipient's public key is used for encryption, but does this involve
your master key in any way, i.e. can you still encrypt having only your
subkey? =20
Thanks in advance.=20
--=20
| Justin R. Miller / justin@solidlinux.com / 0xC9C40C31
| Of all the things I've lost, I miss my pants the most.
----------------------------------------------------------
--Bn2rw/3z4jIqBvZU
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE7kXuz94d6K8nEDDERAhRkAJ0QxTCOiiHFXiNG9ymZMbRdat4qRwCdHWc1
x7X0RyrhEhwFwEgGDS5qwsM=
=Ij5Y
-----END PGP SIGNATURE-----
--Bn2rw/3z4jIqBvZU--