Multiple sub-signingkeys
Per Tunedal
pt@radvis.nu
Sat Apr 26 21:14:02 2003
Hi,
Finally I hope that I have understood what Adrian von Bidder says on his
page about using multiple subkeys:
http://fortytwo.ch/gpg/subkeys/
It is possible to use a "crippled" key without the secret primary signing
key if another secret signing key is present. Only the public primary
signing key is needed. When listing the secret keys, the primary key with
the missing secret key is marked with #.
"your primary secret key should be marked with a '#':
$ gpg --list-secret-key testuser
sec# 1024D/971B7A70 2003-01-03 testuser <testuser@mydomain.foo>
ssb 1024g/ACDF80C4 2003-01-03
ssb 1024R/BE9CA308 2003-01-07"
This crippled key can be used on an insecure computer, while your complete
key can be used on a secure computer. When listing secret keys for the
original key the primary key is shown without the #.
You can thus easily see what secret keys are present in each keyring.
(If I am right it might be a good idea to emphasize this on your page, Adrian!)
I find Adrian's advice very useful. Why isn't it easier to do it?
(I have tried to do it with WinPT and it works OK. But I cannot see what
secret keys are present either with WinPT or with GPGrelay.)
Have I missed something?
Per Tunedal
PS I have previously tried using multiple encryption keys in a similar manner
without success ...
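
Added example, not part of the original post or of Adrian von Bidder's page: a small parser for the text listing quoted above that reports, per key, whether the primary secret key is present and which secret subkeys are, so a keyring on an insecure machine can be checked. The function names `parse_listing` and `audit` are hypothetical, the `COMPLETE` listing is constructed from the quoted one, and the regex assumes the old `gpg --list-secret-key` text format with 8-digit key IDs shown in the post.

```python
import re

# Constructed input: the listing quoted in the post (GnuPG 1.x text format).
STRIPPED = """\
sec# 1024D/971B7A70 2003-01-03 testuser <testuser@mydomain.foo>
ssb 1024g/ACDF80C4 2003-01-03
ssb 1024R/BE9CA308 2003-01-07
"""
# Constructed counterpart: the same key as listed on the secure machine (no '#').
COMPLETE = STRIPPED.replace("sec#", "sec ", 1)

# Algorithm letters used in this listing format.
ALGO = {"D": "DSA", "g": "ElGamal encrypt-only", "R": "RSA"}
LINE = re.compile(r"^(sec|ssb)(#?)\s+(\d+)([A-Za-z])/([0-9A-F]{8})\s+(\d{4}-\d{2}-\d{2})")

def parse_listing(text):
    """Group sec/ssb lines into keys; '#' means the secret part is absent."""
    keys = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # uid lines, blank lines, keyring path header
        kind, mark, bits, algo, keyid, created = m.groups()
        entry = {"keyid": keyid, "bits": int(bits), "algo": ALGO.get(algo, algo),
                 "created": created, "secret_present": mark != "#"}
        if kind == "sec":
            keys.append({"primary": entry, "subkeys": []})
        elif keys:
            keys[-1]["subkeys"].append(entry)
    return keys

def audit(text):
    """Per key: is the primary secret key here, and which secret subkeys are?"""
    report = []
    for key in parse_listing(text):
        present = [s["keyid"] for s in key["subkeys"] if s["secret_present"]]
        report.append({
            "primary": key["primary"]["keyid"],
            "primary_secret_present": key["primary"]["secret_present"],
            "secret_subkeys": present,
            # Fit for the insecure machine: primary secret absent, subkeys usable.
            "ok_for_insecure_host": not key["primary"]["secret_present"] and bool(present),
        })
    return report

if __name__ == "__main__":
    for name, listing in (("stripped", STRIPPED), ("complete", COMPLETE)):
        print(name, audit(listing))
```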