key management & APG

ix4svs at gmail.com ix4svs at gmail.com
Sat Aug 3 13:16:56 CEST 2013


Any help/pointers with these queries? Let me know if they don't make sense
and I'll attempt to clarify.


On 30 July 2013 22:30, <ix4svs at gmail.com> wrote:

> Hello
>
> I've spent a few hours reading the list archives and would appreciate
> verification of my understanding or corrections as appropriate.
>
> [Key management]
>
> I only need one GPG identity for now. I also use GPG on devices of two
> classes: "Secure" and "insecure". I would like to take some operational
> security (OPSEC) precautions to minimize my pain when my insecure devices
> get compromised.
>
> The plan:
> 1. Create two subkeys: one for signing, one for encrypting.
> 2. Export the full keyring and keep it somewhere safe (on a few offline
> systems).
> 3. Create an "insecure" keyring with the original signing subkey missing
> (as described in https://alexcabal.com/creating-the-perfect-gpg-keypair/ )
> 4. Only use the "insecure" keyring on "insecure" systems.
>
> Hope the above is a reasonable generic key management approach.
>
> [APG]
>
> According to https://grepular.com/Android_Privacy_Guard_and_Subkeys this
> keyring setup is not usable by APG.
>
> Given this, how are people using GPG on Android without exposing their
> entire keyring? Is creating a completely separate key/identity (sorry not
> sure what the right term is) currently the only way to maintain some
> semblance of OPSEC?
>
> Alex
>
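
Added example (not part of the original post, and not GnuPG project code): a check that the keyring produced in step 3 of the quoted plan really lacks the primary (original signing) secret key before it is copied to an "insecure" device. It assumes GnuPG's colon listing format; the helper name `audit_keyring` and the sample records are constructed for illustration.

```bash
#!/usr/bin/env bash
# Reads `gpg --list-secret-keys --with-colons` output on stdin.
# Colon format (GnuPG doc/DETAILS): field 1 = record type (sec = primary key,
# ssb = subkey), field 5 = key ID, field 12 = capabilities, field 15 = "#"
# when only a stub is stored, i.e. the secret key material is absent.
# audit_keyring is a hypothetical helper name.
audit_keyring() {
  awk -F: '
    $1 == "sec" { n++; if ($15 != "#") { bad++; print "PRIMARY SECRET PRESENT: " $5 } }
    $1 == "ssb" && $15 != "#" { print "usable subkey " $5 " [" $12 "]" }
    END {
      if (n == 0) { print "no secret keys listed"; exit 2 }
      exit (bad > 0)   # 0 = safe to carry, 1 = primary secret exposed
    }'
}

# Constructed records; the key IDs are placeholders, not real keys.
# Keyring as it should look after the primary secret key has been stripped:
SAMPLE_STRIPPED='sec:u:4096:1:AAAAAAAAAAAAAAAA:1375000000:::u:::scESC:::#:::23::0:
uid:u::::1375000000::0000000000000000000000000000000000000000::Example User <user@example.org>::::::::::0:
ssb:u:2048:1:BBBBBBBBBBBBBBBB:1375000100::::::s:::+:::23:
ssb:u:2048:1:CCCCCCCCCCCCCCCC:1375000200::::::e:::+:::23:'

# Full keyring (step 2 of the plan), primary secret key still present:
SAMPLE_FULL='sec:u:4096:1:AAAAAAAAAAAAAAAA:1375000000:::u:::scESC:::+:::23::0:
uid:u::::1375000000::0000000000000000000000000000000000000000::Example User <user@example.org>::::::::::0:
ssb:u:2048:1:BBBBBBBBBBBBBBBB:1375000100::::::s:::+:::23:
ssb:u:2048:1:CCCCCCCCCCCCCCCC:1375000200::::::e:::+:::23:'

printf '%s\n' "$SAMPLE_STRIPPED" | audit_keyring && echo "stripped keyring: OK"
printf '%s\n' "$SAMPLE_FULL" | audit_keyring || echo "full keyring: keep offline"
```

On a real system the input would come from `gpg --list-secret-keys --with-colons | audit_keyring`, run against the keyring intended for the insecure device.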


More information about the Gnupg-users mailing list