[Q] Multiple signing keys (was: DSA 1024-bit limit)

David Shaw dshaw@jabberwocky.com
Thu May 15 03:33:03 2003


--WfZ7S8PLGjBY9Voh
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, May 13, 2003 at 10:42:32PM -0400, Dennis Lambe Jr. wrote:

> It was based on this information that I made the decision to create my
> key as follows:
>=20
> pub  4096R/F53BA904 2003-04-21 Dennis Patrick Lambe Jr.
> [...snipped other IDs...]
> sub  1024D/16DE8D28 2003-04-21
> sub  4096g/BCE387ED 2003-04-21
>=20
> I believe David Shaw has a similar rationale for his key, which has the
> same structure.  Is that right, David?

That is correct.  I use a large RSA key as the primary, with an
encryption subkey, and a DSA signing subkey for day to day use.  The
RSA primary is stored offline, so in a disaster scenario, I can just
revoke the subkeys and not lose the entire key.

David

--WfZ7S8PLGjBY9Voh
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3-cvs (GNU/Linux)
Comment: http://www.jabberwocky.com/david/keys.asc

iD8DBQE+wu5e4mZch0nhy8kRAsQ1AKDjlUYCrXfkBAbi2E833uZFGp/mJACgzP1d
QBaDv4HZ1eDcMqBFLcmg2hs=
=JFuK
-----END PGP SIGNATURE-----

--WfZ7S8PLGjBY9Voh--