Offline Master Key
jerome at jeromebaum.com
Mon May 2 17:14:09 CEST 2011
On Mon, May 2, 2011 at 16:47, <patrickbx at lavabit.com> wrote:

> My idea is to create a master signing key on an offline
> computer (persistent live usb). Then create two subkeys that have regular
> expiration dates. One encryption key and one additional "daily-use"
> signing key. I would post my master key in my signature and use it to
> sign the sub-keys. When sending mail I would use my daily use key to sign
> my messages. I would only access and use my master key when it is
> necessary to sign other keys and update my sub keys. Would this create any
> problems for those reading and verifying my emails?

If you are talking about actual sub-keys (not separate keys that are only
semantically "sub-keys"), then there is no problem. However, they might have
to get the latest key copy including the sub-keys to verify, and they
definitely need the encryption sub-key to encrypt.

> Would it be necessary
> to link to my key policy in my mail or would it be seamless that my sub
> signing key is valid because it is signed by the master.

An encryption sub-key is used to encrypt to the resp. uid on the master key.
A signing sub-key is implied to belong to the same uid as well. So, it's

E-Mail: jerome at jeromebaum.com
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
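
A check for the layout discussed in this thread, as an added example (not from the original message or from the GnuPG project): it parses `gpg --list-secret-keys --with-colons` output taken on the daily-use machine and reports whether the master secret is absent and a signing and an encryption subkey are usable and expiring. The sample listing, key IDs and function name are constructed; the field positions assume the colon format described in GnuPG's doc/DETAILS for GnuPG 2.1 and later.

```python
# Added example: audit a secret-keyring listing for an "offline master key" layout.
# Colon fields used (1-based, per GnuPG doc/DETAILS): 1 record type, 2 validity,
# 5 key ID, 7 expiration, 12 capabilities, 15 token field ("#" = stub, no secret).

# Constructed sample: master key present only as a stub, two expiring subkeys.
SAMPLE = """\
sec:u:4096:1:AAAAAAAAAAAAAAAA:1304300000:::u:::scESC:::#:
uid:u::::1304300000::::Example User <user@example.org>:
ssb:u:2048:1:BBBBBBBBBBBBBBBB:1304300000:1335836000:::::s:::+:
ssb:u:2048:1:CCCCCCCCCCCCCCCC:1304300000:1335836000:::::e:::+:
"""


def audit_secret_keyring(colon_output):
    """Return a list of findings; an empty list means the layout matches."""
    findings, caps_seen = [], set()
    for line in colon_output.splitlines():
        f = line.split(":")
        if f[0] not in ("sec", "ssb") or len(f) < 15:
            continue  # uid, fpr and other records are not needed here
        validity, keyid, expires, caps, token = f[1], f[4], f[6], f[11], f[14]
        if f[0] == "sec":
            # The master secret should exist only on the offline machine.
            if token != "#":
                findings.append(f"{keyid}: master secret key is present on this machine")
            continue
        if token == "#":
            continue  # subkey stub: secret material is not here, so not usable
        if validity in ("e", "r"):
            findings.append(f"{keyid}: subkey is expired or revoked")
            continue
        if not expires:
            findings.append(f"{keyid}: subkey has no expiration date")
        # Lowercase letters are the subkey's own usage flags.
        caps_seen |= {c for c in caps if c in "se"}
    for cap, name in (("s", "signing"), ("e", "encryption")):
        if cap not in caps_seen:
            findings.append(f"no usable {name} subkey")
    return findings


if __name__ == "__main__":
    for finding in audit_secret_keyring(SAMPLE) or ["layout matches"]:
        print(finding)
```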