Importance of time in pgp algorithms

Adrian 'Dagurashibanipal' von Bidder avbidder at
Wed Jan 28 08:29:14 CET 2004

On Tuesday 27 January 2004 23:13, Nicholas Paul Johnson wrote:

> 2.) I also use a desktop.  Is it secure for me to simply duplicate my
> ~/.gnupg directories on each machine (assuming that I copy the files in a
> secure way), or should I create a different key-pair for the desktop
> machine?

Short summary:

You can use subkeys in this situation. The main advantage: if somebody gets 
hold of your laptop (assuming that you have only secret subkeys on the 
laptop, but not the primary secret key), you can revoke that signing subkey 
and generate a new one, without losing your whole key.

The person holding a secret subkey can use this, of course (signing messages, 
reading messages encrypted to that subkey), but can *not* generate a new 
subkey, or sign keys, or revoke the subkey or other key parts. So, you lose 
authenticity on old signed messages, and secrecy on old encrypted messages, 
but you don't lose your key with all the signatures you've created on it.

But I recommend reading the web page, as this method has quite a few 
drawbacks; the most prominent being that automatic key retrieval dos not work 
with most (all?) current keyservers.

-- vbi

MICROSOFT: Most Intelligent Customers Realize Our Software is Only
for Fools and Teenagers.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 331 bytes
Desc: signature
Url : /pipermail/attachments/20040128/c63fa2fa/attachment.bin

More information about the Gnupg-users mailing list