[Q] Multiple signing keys (was: DSA 1024-bit limit)
Thu May 15 03:33:03 2003
Content-Type: text/plain; charset=us-ascii
On Tue, May 13, 2003 at 10:42:32PM -0400, Dennis Lambe Jr. wrote:
> It was based on this information that I made the decision to create my
> key as follows:
> pub 4096R/F53BA904 2003-04-21 Dennis Patrick Lambe Jr.
> [...snipped other IDs...]
> sub 1024D/16DE8D28 2003-04-21
> sub 4096g/BCE387ED 2003-04-21
> I believe David Shaw has a similar rationale for his key, which has the
> same structure. Is that right, David?
That is correct. I use a large RSA key as the primary, with an
encryption subkey, and a DSA signing subkey for day to day use. The
RSA primary is stored offline, so in a disaster scenario, I can just
revoke the subkeys and not lose the entire key.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3-cvs (GNU/Linux)
-----END PGP SIGNATURE-----