Clarification on purpose of subordinate keys
Werner Koch
wk at gnupg.org
Tue Mar 29 11:15:56 CEST 2005
On Mon, 28 Mar 2005 09:27:27 -0500, John Harrold said:
> given the time frame it probably happened when I was trying to unexpire the
> key F65A739E. Can you elaborate on the reasons for using a separate key for
> signing messages?
It is mostly useful if you keep your primary key offline
(cf. --export-secret-subkeys). In the case of a key compromise, you
would only need to revoke the existing subkeys and create new subkeys.
This saves you all the key signatures (Web Of Trust) as they are
signing the primary key only.
Shalom-Salam,
Werner
More information about the Gnupg-users
mailing list