Multiple uid's vs. multiple primary keys & "master signing keys"

David Shaw dshaw at jabberwocky.com
Mon Jun 23 22:23:53 CEST 2008


On Mon, Jun 23, 2008 at 03:28:44PM -0400, David Koppenhofer wrote:
> Hi everyone,
> 
> I'm a potential new gpg user, and have been struggling with a few
> questions about how uid's and keys should be configured.  I've pored
> over the documentation, mailing list, and web pages, and now want to
> verify what I've come up with so far.  I know there are probably no
> "right" answers, but I would like to know if there is some kind of
> general consensus about "best practice".  At the least, maybe I can
> find out how people have things set up for real-world usage.
> 
> 1) Multiple uid's (emails) per primary key versus multiple primary keys
> I have 3 email addresses I currently use: one personal, one for foss
> development, and one for work.  I could create 3 uid's associated with
> the same primary key (option A), or 3 separate primary keys with 1 uid
> each (option B).
> 
> Here are the trade-offs I've thought of - are they right?  Anything
> else I should consider?
> * Option A would require 1 passphrase, where B would require 3 passphrases.

Not necessarily.  You are free to use 1 passphrase for all 3 keys if
you like.

> * Assuming someone wants to certify all 3 uid's:
>   - Option A would require 1 fingerprint to be verified, B would
> require 3 fingerprints to be verified.

Yes.

>   - In both cases, 3 signatures would have to be made by the signer,
> one for each uid.
> Option A would be more "streamlined" since gnupg prompts the signer
> whether or not to sign each uid of a key (right?).  Option B would
> require the other party to do "--sign-key" three times.

Yes.

> * Option A has 1 encryption key, B has 3.  In the 3-key scenario, if
> I'm forced to reveal encrypted messages to one of the addresses, the
> others are not automatically compromised.

Yes.

> * As far as the web of trust goes: in both options, other people can
> trust the authenticity of each uid differently.

Yes.

> I guess the difference is when I certify others' keys.  With option A,
> I only certify keys with one key, whereas option B would give me a
> choice of 3 keys to certify with.  I suppose that I would have 3 webs
> of trust in that case.  If I include someone in all three webs, then
> their key will be signed by my name 3 times, albeit with 3 separate
> key id's.  Would that be "weird"?  I suppose this is where a "master
> signing key" comes in...

Not weird.  Some people do it that way.  Some people find it
annoying.  It's really a matter of taste.

> 2) "Master signing key"
> In the above option B, I could create a fourth (sign-only) key with
> which I cross-sign my 3 "uid keys" to unify the webs of trust.
> 
> * Would I certify other people's keys ONLY with this fourth key, and
> not the other 3?

Yes.

> * Wouldn't other people have to then certify at least 2 of my keys:
> the "master" and as many "uid keys" as they want to?  Or would my
> cross-signing the "master" and the other person's trust in the
> "master" key cause the "uid keys" to be trusted?

The latter.  They would just sign your master key, and you'd sign your
own "uid key" with your master.

> * Do people have problems signing a "master signing key" that may not
> have an email address associated with it?

Many do.  I personally do have a problem with it, as it makes it very
difficult to validate the key unless you know the person personally.

> I'm leaning towards Option A (1 primary with 3 uid's), just because it
> seems simpler.  Option B (3 primary, 1 uid each) is still appealing
> because each uid gets its own encryption key.  Is that the only
> trade-off between those two options?

It's handy to make a distinction between your work and personal life,
and for many or even most people, their personal "identity" is a lot
longer lived than their work "identity".  People keep the same
personal address for years, but don't as often keep the same job (and
thus job address) for that long.

Personally, I do this with two keys.  One personal, and one work.  I
don't really get the work one signed, as people who want to reach me
generally do so in my personal context (I do FOSS work, but I do it
under my personal address as I've found that many people just send
> mail to personal addresses even if there is a special address for FOSS
stuff).

David
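The layout discussed above, worked through as an added example (not code from the original post, and not GnuPG's own documentation): a bash script that builds Alice's certify-only master plus two per-address keys, has Bob sign only the master, and then uses gpg's own validity calculation to show that Bob must also assign ownertrust to the master before Alice's other keys become valid for him. It assumes GnuPG 2.2 or later for the --quick-* commands; the names, addresses and temporary directories are constructed for the demo.

```bash
#!/usr/bin/env bash
# Added example, not code from the original post or from GnuPG itself.
# It builds the thread's "master signing key" layout in throwaway
# keyrings and shows what the other party (Bob) must do before Alice's
# "uid keys" become valid for him.  Assumes GnuPG 2.2 or later for the
# --quick-* commands.  Names, addresses and directories are constructed.
set -euo pipefail

# Pre-flight: skip quietly where no suitable gpg is installed.
ver="$(gpg --version 2>/dev/null || true)"
case "$ver" in
  "gpg (GnuPG"*") 2."[2-9]*|"gpg (GnuPG"*") "[3-9].*) ;;
  *) echo "GnuPG 2.2+ not found, skipping demo" >&2; exit 0 ;;
esac

TMP="$(mktemp -d)"
ALICE="$TMP/alice"   # Alice's keyring: master + personal + work keys
BOB="$TMP/bob"       # Bob's keyring: his own key, later Alice's public keys
mkdir -m 700 "$ALICE" "$BOB"
cleanup() {
  gpgconf --homedir "$ALICE" --kill gpg-agent 2>/dev/null || true
  gpgconf --homedir "$BOB"   --kill gpg-agent 2>/dev/null || true
  rm -rf "$TMP"
}
trap cleanup EXIT

# Unattended gpg in a given home; the throwaway keys get no passphrase.
g() {  # g <homedir> <gpg args...>
  local home="$1"; shift
  gpg --homedir "$home" --batch --quiet --no-tty \
      --pinentry-mode loopback --passphrase '' "$@"
}
# Primary-key fingerprint of the key whose user ID contains $2.
fpr() {
  g "$1" --with-colons --list-keys "$2" |
    awk -F: '$1 == "fpr" && !seen { print $10; seen = 1 }'
}
# Validity letter gpg computes for key $2 as seen from keyring $1
# (u ultimate, f full, m marginal, q undefined, - unknown).
validity() {
  g "$1" --check-trustdb 2>/dev/null
  g "$1" --with-colons --list-keys "$2" |
    awk -F: '$1 == "pub" && !seen { print $2; seen = 1 }'
}

setup_keyrings() {
  # Alice: a certify-only master with no e-mail address (the kind of key
  # the reply says many people dislike signing) and two ordinary keys,
  # one per address, each with its own encryption subkey (option B).
  g "$ALICE" --quick-generate-key 'Alice (master signing key)' ed25519 cert never
  g "$ALICE" --quick-generate-key 'Alice <alice@example.org>'  default default never
  g "$ALICE" --quick-generate-key 'Alice <alice@work.example>' default default never
  MASTER=$(fpr "$ALICE" 'master signing key')
  PERSONAL=$(fpr "$ALICE" 'alice@example.org')
  WORKKEY=$(fpr "$ALICE" 'alice@work.example')
  # Cross-certification: the master signs each uid key's user ID.
  g "$ALICE" --local-user "$MASTER" --quick-sign-key "$PERSONAL"
  g "$ALICE" --local-user "$MASTER" --quick-sign-key "$WORKKEY"
  # Bob: his own (ultimately trusted) key, then Alice's public keys.
  g "$BOB" --quick-generate-key 'Bob <bob@example.net>' default default never
  g "$ALICE" --export "$MASTER" "$PERSONAL" "$WORKKEY" | g "$BOB" --import
}

setup_keyrings

# Step 1: Bob checks the master's fingerprint with Alice and signs only
# that key, as the reply suggests.
g "$BOB" --quick-sign-key "$MASTER"
BEFORE_MASTER=$(validity "$BOB" "$MASTER")
BEFORE_PERSONAL=$(validity "$BOB" "$PERSONAL")
BEFORE_WORK=$(validity "$BOB" "$WORKKEY")

# Step 2: the signature makes the master key valid, but Bob has not yet
# said he trusts Alice's master to vouch for *other* keys.  That is
# ownertrust, a local setting GnuPG keeps apart from certifications;
# until Bob sets it, the master's signatures on the uid keys count for
# nothing.  "5" means "full" in --import-ownertrust's FPR:value: format.
printf '%s:5:\n' "$MASTER" | g "$BOB" --import-ownertrust
AFTER_MASTER=$(validity "$BOB" "$MASTER")
AFTER_PERSONAL=$(validity "$BOB" "$PERSONAL")
AFTER_WORK=$(validity "$BOB" "$WORKKEY")

printf '%-9s %-19s %s\n' key 'signed master only' 'plus ownertrust=full'
printf '%-9s %-19s %s\n' master   "$BEFORE_MASTER"   "$AFTER_MASTER"
printf '%-9s %-19s %s\n' personal "$BEFORE_PERSONAL" "$AFTER_PERSONAL"
printf '%-9s %-19s %s\n' work     "$BEFORE_WORK"     "$AFTER_WORK"
```

Run it with bash. The table it prints shows the master at "f" in both columns, while the personal and work keys only reach "f" in the second column, after the --import-ownertrust step; the same setting is made interactively with the "trust" command inside gpg --edit-key. The master is created with the "cert" usage rather than "sign" because certifying other people's (or your own other) keys is the certification capability; a data-signing capability is not needed for that role.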


