Generating a new key

Doug Barton dougb at
Sun Mar 21 05:52:57 CET 2010

On 03/20/10 21:35, David Shaw wrote:
> GnuPG supports an offline key setup where the primary key is kept offline and the subkeys are kept online (and yes, you can store an authentication subkey separate from the main key).  This works very well for the common OpenPGP case where the primary key is the most important one (as it is used to certify new subkeys, among other things).  If you lose/compromise/etc your online subkeys, just use the offline primary to revoke them and make new subkeys.  The primary isn't kept with the subkeys, so it is much less likely to be lost/compromised along with them.

Ok, got it, thanks. :)



	... and that's just a little bit of history repeating.
			-- Propellerheads

	Improve the effectiveness of your Internet presence with
	a domain name makeover!

More information about the Gnupg-users mailing list