Best practices for multiple e-mail addresses (was also: newbie question about identities)

Eugene Smiley eugene at
Fri Oct 10 18:31:36 CEST 2003

Hash: SHA1

Joel Konkle-Parker wrote:
> I have three distinct e-mail addresses: work, home, and another
> business. What's the best practice for keeping a key for each
> address? One key with multiple addresses in it (i.e. a key for me
> as a person)? A separate key for each address (i.e. a key for each
> of work/home/business as a unit)?
> How do others do it?

Below is an edited/expanded version of the answer that atom gives. I
recommend that it be addded as 3.1.2 The use of Role keys and Managing
User IDs for the Handbook.


There are two distinct ways of looking a Role keys. the first way to
look at role keys is that they are keys used by an entity a) for the
public to communicate securely with personnel filling particular roles
(network administrator, keymaster, list administrator, key revoker,
etc.), and b) for these personnel to certify important digital
documents. These keys are generally signed by a root key to designate
that the entity considers the key valid.

The alternative view of roles is at the individual user level. A user
may designate roles of related functions/User IDs. Bob might designate
a Work Role with UIDs of bob at and webmaster at and
a Personal role of bob at These two roles would be created
as two seperate keys. Bob might even consider having a class of email
addresses without keys such as bob at and bob at Or
Bob could have one key with any or all of the five User IDs.

Adding User IDs on a key is convenient when you use multiple names or
email addresses which do not socially conflict with each other. For
example, Alice (alice at works with Bob, and is an alumni of
a university (alice at and is a member of a trade
association (alice at She wants the trust and "prestige" of
each of these organizations to be shared by the others. To do the same
thing with seperate keys would require everyone to sign 3 keys instead
of 3 User IDs.

However, co-worker Charlie (charlie at might be the
webmaster at and might lose his job if someone found
out. It would be a good idea if Charlie kept these two identities
seperate and distinct. Charlie SHOULD have seperate keys/roles for
these two (Work and Activist).

Additional key pairs can be created the same way as your first key
pair, with --gen-key. When encrypting or signing, use the --local-user
option to specify an ID other than the default.


Version: GnuPG v1.2.2-nr2 (Windows XP)
Comment: Using GnuPG with Mozilla -


More information about the Gnupg-users mailing list