Add sign key only?
Ben McGinnes
ben at adversary.org
Sat Dec 11 21:06:59 CET 2010
On 12/12/10 7:00 AM, David Shaw wrote:
>
> If you were forced to disclose your encryption key, you could give
> them just that particular subkey and not give them the signing
> subkey at all. What some people (me, among others) do in addition
> to this, is to remove the primary key and store it offline. That
> way even if it's an accidental leak of the key (rather than a
> compelled one), the primary key is safe. Since the primary key can
> be used to revoke the old subkeys and make new ones, this is a very
> safe way to handle keys.
Obviously the offline storage/copy would include the subkeys and
essentially be a backup of all 3, but how is the primary key removed
from the two subkeys in the keyring?
Regards,
Ben
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20101212/9a94b889/attachment.pgp>
More information about the Gnupg-users
mailing list