one key or multiple keys

Neil Williams linux@codehelp.co.uk
Sun Jun 22 19:33:02 2003


--Boundary-02=_lie9+TMPMe1a1+F
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Description: signed data
Content-Disposition: inline

On Sunday 22 Jun 2003 2:34 pm, Marcin Gil wrote:
> This question came up recently:
>
> Should I use only ONE key for every email address I have
> (with multiple IDs, eg. Marcin Gil <email #1>, Marcin Gil <email #2>)
> or should I use multiple keys -- one for every email address?

It's mostly about maintenance. One key is easier to maintain than 4.=20

If you are going to collect signatures from others as part of a Web Of Trus=
t,=20
it'll be a bit easier if it's all on one key. With separate keys you could=
=20
end up generating lots of signatures on each key just by yourself - signing=
=20
each key with at least one of the alternatives. Keeping separate keys seems=
=20
quite a hassle. (Others can sign all verified UID's at the same time with o=
ne=20
key).

Having separate encryption keys means that you have to have a way of tellin=
g=20
which key has encrypted the file - each with a different password.

The only real reasons I can see to have multiple keys are:
1. accidental (as with me): Generated a second key for a second machine=20
instead of reading up on GnuPG and learning how to export and import secret=
=20
keys.
2. Different algorithms or key sizes etc. If you know about the various=20
algorithms and have preferences for one over another for email signatures=20
versus encryption, then you can keep one key for email sigs and one for all=
=20
your encryption.


>
> Regards,

=2D-=20

Neil Williams
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
http://www.codehelp.co.uk
http://www.dclug.org.uk

http://www.wewantbroadband.co.uk/


--Boundary-02=_lie9+TMPMe1a1+F
Content-Type: application/pgp-signature
Content-Description: signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQA+9eiliAEJSii8s+MRAlLMAJ971PhxW64+pIxl+0Cqv6kX+OIGTQCdEn/k
oFtCv0W2NjINOIGj1QSm/Y0=
=iABV
-----END PGP SIGNATURE-----

--Boundary-02=_lie9+TMPMe1a1+F--