Same private key on multiple sites

[Justin R. Miller]

--Bn2rw/3z4jIqBvZU
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Thus spake David Shaw (dshaw@jabberwocky.com):

> Also look at --export-secret-subkeys, which does almost the same
> thing, but blanks out the secret part of the primary signing key.
>=20
> This is really useful as it lets you keep the important primary key
> (the one that collects signatures, and thus ties you to the web of
> trust) offline altogether, and just use subkeys which are easily
> creatable and revocable to do your work.  I'm a big fan of this
> feature, as I also need to have keys in multiple places.

I've had this message around for a while, planning on going back to it
and learning about this.  Can anyone elaborate on this a bit?  As I
understand it, you have a master key which is used for signatures (but
is that digital signatures, or key signing?) and which collects
signatures, and you have a subkey which is used for decryption.  So by
"your work", you mean just decryption?  Or is there a safe way to
transport your method of signing?  Also, on a similar point, I know that
the recipient's public key is used for encryption, but does this involve
your master key in any way, i.e. can you still encrypt having only your
subkey? =20

Thanks in advance.=20

--=20
| Justin R. Miller / justin@solidlinux.com / 0xC9C40C31
| Of all the things I've lost, I miss my pants the most.
----------------------------------------------------------

--Bn2rw/3z4jIqBvZU
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7kXuz94d6K8nEDDERAhRkAJ0QxTCOiiHFXiNG9ymZMbRdat4qRwCdHWc1
x7X0RyrhEhwFwEgGDS5qwsM=
=Ij5Y
-----END PGP SIGNATURE-----

--Bn2rw/3z4jIqBvZU--