Offline Master Key

patrickbx at patrickbx at
Mon May 2 16:47:31 CEST 2011


I have a question on key management and was looking for some feedback.  My
issue is that I like the idea of having a Master signing key with no
expiration date and I want to store this key offline without the
inconvenience of using an offline computer every time I'd like to send a
signed/encrypted message.

My idea is to create a master signing key on an offline
computer (persistent live USB).  Then create two subkeys that have regular
expiration dates.  One encryption key and one additional "daily-use"
signing key.  I would post my master key in my signature and use it to
sign the subkeys.  When sending mail I would use my daily-use key to sign
my messages.  I would only access and use my master key when it is
necessary to sign other keys and update my subkeys. Would this create any
problems for those reading and verifying my emails?  Would it be necessary
to link to my key policy in my mail, or would it be seamless that my sub
signing key is valid because it is signed by the master?

Thank you in advance for any help regarding my questions.  I'm still new
to gnupg, but I want to set it up right the first time.
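The layout described in the post (certify-only primary key with no expiration, a signing and an encryption subkey that expire, and an online keyring that holds only the subkeys), as an added example for GnuPG 2.1 or later; it is not from the original post. The user ID, directories and the passphrase-less batch mode are constructed for a throwaway lab keyring.

```shell
#!/bin/sh
# Added example (not part of the original post). Requires gpg 2.1+.
# All names and paths below are constructed placeholders.
set -eu

UID_STR="Example User <user@example.invalid>"   # constructed user ID

# Batch wrapper: no passphrase, so the steps run unattended (lab use only).
gpg_batch() { gpg --batch --pinentry-mode loopback --passphrase '' "$@"; }

# Step 1 and 2 (offline machine): primary key that can only certify and never
# expires, then a signing subkey and an encryption subkey that expire in 1 year.
# Prints the primary key fingerprint.
make_offline_keyring() {
    export GNUPGHOME="$1"
    mkdir -p "$GNUPGHOME" && chmod 700 "$GNUPGHOME"
    gpg_batch --quick-generate-key "$UID_STR" ed25519 cert never
    FPR=$(gpg --list-keys --with-colons "$UID_STR" | awk -F: '/^fpr/ {print $10; exit}')
    gpg_batch --quick-add-key "$FPR" ed25519 sign 1y
    gpg_batch --quick-add-key "$FPR" cv25519 encr 1y
    # Public key (primary + subkeys, all bound by the primary's signatures) for
    # correspondents; secret SUBKEYS ONLY for the daily-use machine.
    gpg --armor --export "$FPR" > "$GNUPGHOME/public.asc"
    gpg_batch --armor --export-secret-subkeys "$FPR" > "$GNUPGHOME/subkeys.asc"
    echo "$FPR"
}

# Step 3 (online machine): import the public key and the secret subkeys.
# The primary secret key never leaves the offline keyring.
make_online_keyring() {
    src="$1"
    export GNUPGHOME="$2"
    mkdir -p "$GNUPGHOME" && chmod 700 "$GNUPGHOME"
    gpg --import "$src/public.asc" "$src/subkeys.asc"
}

# Check: gpg lists a missing primary secret key as "sec#" (a stub), and both
# subkeys must be present. Returns 0 when the online keyring is subkeys-only.
online_keyring_is_subkeys_only() {
    export GNUPGHOME="$1"
    gpg --list-secret-keys "$UID_STR" | grep -q '^sec#' &&
    [ "$(gpg --list-secret-keys --with-colons "$UID_STR" | grep -c '^ssb:')" -eq 2 ]
}
```

Correspondents verify mail signed with the daily-use subkey against `public.asc` alone, because the subkey binding signature made by the primary key travels with it; no separate policy link is needed for that.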


