Using GnuPG subkeys at two insecure locations
David Shaw
dshaw at jabberwocky.com
Tue Feb 28 20:21:36 CET 2006
On Mon, Feb 27, 2006 at 02:06:57PM +0100, Raphaël Poss wrote:
> Q1. how do you think other software (PGP, old GPG, ...) behave when they
> see multiple encryption public subkeys?
Unless it's really old PGP (say, PGP 5.0 era) it'll work fine.
> Q2. will signatures on other keys made with the laptop be recognised by
> other software? Is there anything I should care for w.r.t trust when I
> sign keys?
>
> Q3. do you think it is better I do not entrust the laptop subkey to sign
> other keys?
>
> For that last question I have to state the difference between the
> windows workstation and the laptop: the laptop is "more" secure than the
> workstation. If the laptop is compromised I would know about it
> immediately, and issue any relevant revocation certificates straight
> away. Any encrypted data on the laptop is deleted securely after I have
> decrypted it.
All this is somewhat moot, as you cannot make key signatures with a
subkey.
> Q4. How can I mark my level of trust for the different subkeys using gnupg?
You can't. The concept of trust is a whole-key concept.
David
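
Added example, not part of the message above: a small parser for `gpg --list-keys --with-colons` output that shows, per key and subkey, the usage flags (field 12) and the ownertrust value (field 9), so you can check which key is flagged for certification and where ownertrust is recorded. The field positions follow GnuPG's doc/DETAILS; the listing and key IDs are constructed sample data.

```python
# Constructed sample of `gpg --list-keys --with-colons` output.
# Key IDs, dates and the user ID are made up for illustration.
SAMPLE = """\
pub:u:1024:17:AAAAAAAAAAAAAAAA:1141000000:::u:::scESC:
uid:u::::1141000000::0000000000000000000000000000000000000000::Example User <user@example.org>:
sub:u:2048:16:BBBBBBBBBBBBBBBB:1141000000::::::e:
sub:u:2048:16:CCCCCCCCCCCCCCCC:1141000000::::::e:
sub:u:1024:17:DDDDDDDDDDDDDDDD:1141000000::::::s:
"""

# Lowercase letters in field 12 are the capabilities of that key itself;
# uppercase letters on a pub record summarise the whole key and are skipped.
CAP_NAMES = {"e": "encrypt", "s": "sign", "c": "certify", "a": "authenticate"}


def parse_keys(listing):
    """Return one dict per pub/sub record in a --with-colons listing."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] not in ("pub", "sub") or len(f) < 12:
            continue  # uid, fpr, sig and malformed records are ignored
        keys.append({
            "type": f[0],
            "keyid": f[4],
            "ownertrust": f[8] or None,  # field 9, empty on sub records
            "caps": sorted(CAP_NAMES[c] for c in f[11] if c in CAP_NAMES),
        })
    return keys


def can_certify(keys):
    """Key IDs whose own usage flags include certification."""
    return [k["keyid"] for k in keys if "certify" in k["caps"]]


if __name__ == "__main__":
    for k in parse_keys(SAMPLE):
        print(k["type"], k["keyid"], ",".join(k["caps"]),
              "ownertrust=%s" % k["ownertrust"])
    print("certification-capable:", can_certify(parse_keys(SAMPLE)))
```
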