Multiple uid's vs. multiple primary keys & "master signing keys"
david at coffeefish.org
Mon Jun 23 21:28:44 CEST 2008
I'm a potential new gpg user, and have been struggling with a few
questions about how uid's and keys should be configured. I've poured
over the documentation, mailing list, and web pages, and now want to
verify what I've come up with so far. I know there are probably no
"right" answers, but I would like to know if there is some kind of
general consensus about "best practice". At the least, maybe I can
find out how people have things set up for real-world usage.
1) Multiple uid's (emails) per primary key versus multiple primary keys
I have 3 email addresses I currently use: one personal, one for foss
development, and one for work. I could create 3 uid's associated with
the same primary key (option A), or 3 separate primary keys with 1 uid
each (option B).
Here are the trade-offs I've thought of - are they right? Anything
else I should consider?
* Option A would require 1 passphrase, where B would require 3 passphrases.
* Assuming someone wants to certify all 3 uid's:
- Option A would require 1 fingerprint to be verified, B would
require 3 fingerprints to be verified.
- In both cases, 3 signatures would have to be made by the signer,
one for each uid.
Option A would be more "streamlined" since gnupg prompts the signer
whether or not to sign each uid of a key (right?). Option B would
require the other party to do "--sign-key" three times.
* Option A has 1 encryption key, B has 3. In the 3-key scenario, if
I'm forced to reveal encrypted messages to one of the addresses, the
others are not automatically compromised.
* As far as the web of trust goes: in both options, other people can
trust the authenticity of each uid differently.
I guess the difference is when I certify others' keys. With option A,
I only certify keys with one key, whereas option B would give me a
choice of 3 keys to certify with. I suppose that I would have 3 webs
of trust in that case. If I include someone in all three webs, then
their key will be signed by my name 3 times, albeit with 3 separate
key id's. Would that be "weird"? I suppose this is where a "master
signing key" comes in...
2) "Master signing key"
In the above option B, I could create a fourth (sign-only) key with
which I cross-sign my 3 "uid keys" to unify the webs of trust.
* Would I certify other people's keys ONLY with this fourth key, and
not the other 3?
* Wouldn't other people have to then certify at least 2 of my keys:
the "master" and as many "uid keys" as they want to? Or would my
cross-signing the "master" and the other person's trust in the
"master" key cause the "uid keys" to be trusted?
* Do people have problems signing a "master signing key" that may not
have an email address associated with it?
I'm leaning towards Option A (1 primary with 3 uid's), just because it
seems simpler. Option B (3 primary, 1 uid each) is still appealing
because each uid gets its own encryption key. Is that the only
trade-off between those two options?
Wow, sorry for the very long-winded message. Thanks in advance for
More information about the Gnupg-users