Signing with more than one secret key available

Adrian 'Dagurashibanipal' von Bidder avbidder@fortytwo.ch
Tue Jul 30 10:50:02 2002


--=-fQ0jEue89U6DrDypyp+X
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Mon, 2002-07-29 at 20:58, Todd wrote:

> > is it simply silly to use different keypairs?
>=20
> That's your call.  It's definitely more work to keep things straight, so =
I'd
> only do this if I had some very good reason to do so.  It's probably best=
 to
> only use different keypairs for different _groups_ of recipients, instead=
 of
> for each _individual_ recipient.  You might have a work key and a persona=
l
> key, for instance.

My take on this:

The idea of public key cryptography is that you can have only one key
because of the assymmetry of the algorithms. So, basically I would
recommend to have only one key when it's possible.=20

There are, however, a few reason why somebody has more than one key:

technicalities: many people have an old (pgp2) RSA key and a newer key,
because the didn't like RSA and because the pgp2 key format (v3) did not
have many of the options available with the new format.

security: My case... I have a key at work, where the secret key is
stored on my machine and is theoretically open to attack by my
co-workers and intruders here (Our firewall is quite tight, so don't
even try.) The other key is at home and will never leave - so you'd have
to physically break into my place to get it.

roles: Some people have other keys besides their personal key, like an
official company key or something like that. Quite obvious why it can't
be just uids, think.

Of course, there's nothing preventing you from having many keys. But the
idea of the web of trust encourages using only few keys.

cheers
-- vbi

--=20
secure email with gpg                         http://fortytwo.ch/gpg

--=-fQ0jEue89U6DrDypyp+X
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQA9RlN/wj49sl5Lcx8RAmCeAJ92Hi73nffsE7V4/1Ev5P0vQk5JHACfWvUt
BXZKilhni/pwQScVW4ELMlc=
=HsRq
-----END PGP SIGNATURE-----

--=-fQ0jEue89U6DrDypyp+X--