Same private key on multiple sites

Justin R. Miller
Sun Sep 2 02:24:01 2001

Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Thus spake David Shaw (

> Also look at --export-secret-subkeys, which does almost the same
> thing, but blanks out the secret part of the primary signing key.
> This is really useful as it lets you keep the important primary key
> (the one that collects signatures, and thus ties you to the web of
> trust) offline altogether, and just use subkeys which are easily
> creatable and revocable to do your work. I'm a big fan of this
> feature, as I also need to have keys in multiple places.
I've had this message around for a while, planning on going back to it and learning about this. Can anyone elaborate on this a bit? As I understand it, you have a master key which is used for signatures (but is that digital signatures, or key signing?) and which collects signatures, and you have a subkey which is used for decryption. So by "your work", you mean just decryption? Or is there a safe way to transport your method of signing? Also, on a similar point, I know that the recipient's public key is used for encryption, but does this involve your master key in any way, i.e. can you still encrypt having only your subkey? =20 Thanks in advance.=20 --=20
| Justin R. Miller / / 0xC9C40C31
| Of all the things I've lost, I miss my pants the most.
---------------------------------------------------------- --Bn2rw/3z4jIqBvZU Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see iD8DBQE7kXuz94d6K8nEDDERAhRkAJ0QxTCOiiHFXiNG9ymZMbRdat4qRwCdHWc1 x7X0RyrhEhwFwEgGDS5qwsM= =Ij5Y -----END PGP SIGNATURE----- --Bn2rw/3z4jIqBvZU--