Using GnuPG subkeys at two insecure locations

David Shaw dshaw at
Tue Feb 28 20:21:36 CET 2006

On Mon, Feb 27, 2006 at 02:06:57PM +0100, Raphaël Poss wrote:

> Q1. how do you think other software (PGP, old GPG, ...) behave when they 
> see multiple encryption public subkeys?

Unless it's really old PGP (say, PGP 5.0 era) it'll work fine.

> Q2. will signatures on other keys made with the laptop be recognised by 
> other software? Is there anything I should care for w.r.t trust when I 
> sign keys?
> Q3. do you think it is better I do not entrust the laptop subkey to sign 
> other keys?
> For that last question I have to state the difference between the 
> windows workstation and the laptop: the laptop is "more" secure than the 
> workstation. If the laptop is compromised I would know about it 
> immediately, and issue any relevant revocation certificates straight 
> away. Any encrypted data on the laptop is deleted securely after I have 
> decrypted it.

All this is somewhat moot, as you cannot make key signatures with a

> Q4. How can I mark my level of trust for the different subkeys using gnupg?

You can't.  The concept of trust is a whole-key concept.


More information about the Gnupg-users mailing list