multiple e-mail addresses: what are the solutions?
Doug Barton
dougb at dougbarton.us
Mon Feb 23 07:46:24 CET 2009
gerry_lowry (alliston ontario canada) wrote:
> Thank you John and David.
>
> John Clizbe has suggested a "key with multiple email addresses
> (userIDs) per identity/personae" as one strategy. David Shaw has
> mentioned a strategy of separate keys for different purposes.
FWIW, I use a blend of these two strategies. I have a personal key
that has my main personal e-mail address, my @freebsd.org e-mail
address, and my old e-mail address (which was the first uid to gather
signatures so has more than the new e-mail address). In my former
position I needed a PGP key for my e-mail so I generated a new one
that was specific to that position. It had several e-mail addresses
(uids) attached to it (for various uninteresting reasons).
> My question: if I go with separate keys, as in
>
> e-mail_address_1 public_key_1 private_key_1
...
> then, is it permissible to have all of my public keys together on
> the same pubring.gpg file and all of my private keys together on
> the same secring.gpg file?
Yes, and I still have both keys on my keyring(s). Because I like to
keep things separated I actually have a my-pub-keys.gpg keyring (as
well as other rings with keys dedicated to other purposes).
> Also, if it is possible, what are the advantages and the
> disadvantages?
The only disadvantage I've run into was very minor, asking people at
key signing events to sign both keys. Now that people with multiple
keys are more common, that's hardly an issue any longer.
The advantages for me were clear separation between my "work" and
"personal" identities; which was primarily a benefit when it came to
e-mail (both signing and encryption) but there a few people who were
comfortable signing one key, but not the other. The other advantage
(now that I've left that employer) is that when attending key signing
parties now I don't have to worry about asking people to sign a key
with e-mail addresses I no longer have access to.
hope this helps,
Doug
More information about the Gnupg-users
mailing list