key management & APG

ix4svs at ix4svs at
Sat Aug 3 13:16:56 CEST 2013

Any help/pointers with these queries? Let me know if they don't make sense
and I'll attempt to clarify.

On 30 July 2013 22:30, <ix4svs at> wrote:

> Hello
> I've spent a few hours reading the list archives and would appreciate
> verification of my understanding or corrections as appropriate.
> [Key management]
> I only need one GPG identity for now. I also use GPG on devices of two
> classes: "Secure" and "insecure". I would like to take some operational
> security (OPSEC) precautions to minimize my pain when my insecure devices
> get compromised.
> The plan:
> 1. Create two subkeys: one for signing, one for encrypting.
> 2. Export the full keyring and keep it somewhere safe (on a few offline
> systems).
> 3. Create a "insecure" keyring with the original signing subkey missing
> (as described in )
> 4. Only use the "insecure" keyring on "insecure" systems.
> Hope the above is a reasonable generic key management approach.
> [APG]
> According to this
> keyring setup is not usable by APG.
> Given this, how are people using GPG on Android without exposing their
> entire keyring? Is creating a completely separate key/identity (sorry not
> sure what the right term is) currently the only way to maintain some
> semblance of OPSEC?
> Alex
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20130803/61591ad4/attachment.html>

More information about the Gnupg-users mailing list