GPG keys for multiple email accounts

Tim Chase gnupg at
Sun Jul 7 02:53:16 CEST 2013

On 2013-07-06 21:52, Hauke Laging wrote:
[snip a whole bunch of helpful stuff]
> My recommendation:
> Separate keys by email address type:
> a) private (one group)
> b) each business separate
> c) each organization separate
[snip a whole bunch more useful stuff]

This was an amazingly helpful email.  I've seen a lot of posts (both
blog and here on the mailing list) that are full of technical
explanations, but very few that go over best practices for managing
multiple identities.  I too juggle several dozen email addresses
(many of which come to a single catch-all mailbox, but help in
filtering the incoming deluge), so if you know of any "Best practices
in managing multiple GPG identities for dummies" resources, I'd love
to become better versed at whatever links you provide.

> > (4) I create independent keys (without sub keys) and use one key
> > for multiple email accounts.  
> You should NEVER use mainkeys outside a safe environment (boot from
> CD/DVD). Only subkeys should be used on normal systems.

Could you explain this a little more?  This sounds very important,
but I feel I'm not grasping the interplay of mainkeys vs. subkeys and
how they are (or should be) accessed.  I'd understood that unlocking
a keyring got you access to all the keys on it, so accessing a
sub-key in a non-safe environment would potentially risk exposing
your mainkey as well.  I suspect I've missed something important.
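One way to verify, on a normal system, that the arrangement Hauke describes (primary key kept offline, only subkeys usable) is actually in place, as an added example that is not part of the original thread: it parses the output of `gpg -K --with-colons`, where a `#` in field 15 of a `sec` or `ssb` record marks a stub whose secret material is not on this machine. The two listings embedded below are constructed samples, not real keys.

```python
import subprocess
from typing import Dict, List, Tuple

# Constructed sample of `gpg -K --with-colons` output: the primary key is a stub
# ('#' in field 15) while the signing and encryption subkeys carry usable secrets.
SAMPLE_LISTING = """\
sec:u:4096:1:0123456789ABCDEF:1372000000:::u:::scESC:::#:::23::0:
uid:u::::1372000000::ABCDEF0123456789ABCDEF0123456789ABCDEF01::Example User <user at example.org>::::::::::0:
ssb:u:4096:1:FEDCBA9876543210:1372000100::::::s::::::23:
ssb:u:4096:1:1122334455667788:1372000200::::::e::::::23:
"""

# Constructed counter-example: the same keys, but the primary secret is present locally.
BAD_LISTING = SAMPLE_LISTING.replace(":::#:::", "::::::", 1)


def parse_secret_listing(text: str) -> List[Dict[str, str]]:
    """Return one record per sec/ssb line: key id, capabilities, where the secret lives."""
    keys = []
    for line in text.splitlines():
        fields = line.split(":")
        if fields[0] not in ("sec", "ssb"):
            continue
        token = fields[14] if len(fields) > 14 else ""
        if token == "#":
            secret = "stub"            # no secret material on this system
        elif token in ("", "+"):
            secret = "local"           # usable secret in this keyring
        else:
            secret = "token:" + token  # serial number of a smartcard/token
        keys.append({"type": fields[0], "keyid": fields[4], "caps": fields[11], "secret": secret})
    return keys


def primary_is_offline(text: str) -> Tuple[bool, List[str]]:
    """Apply the rule from the thread: primary must be a stub, at least one subkey usable."""
    keys = parse_secret_listing(text)
    problems = [f"primary {k['keyid']} has its secret on this system"
                for k in keys if k["type"] == "sec" and k["secret"] == "local"]
    if not any(k["type"] == "ssb" and k["secret"] != "stub" for k in keys):
        problems.append("no usable subkey secret found")
    return (not problems, problems)


def check_live_keyring() -> Tuple[bool, List[str]]:
    """Run the check against the real local keyring (needs gpg on PATH)."""
    out = subprocess.run(["gpg", "-K", "--with-colons"],
                         capture_output=True, text=True, check=True).stdout
    return primary_is_offline(out)


if __name__ == "__main__":
    ok, problems = primary_is_offline(SAMPLE_LISTING)
    print("sample keyring OK" if ok else "\n".join(problems))
```

A keyring reaches the "stub primary, usable subkeys" state when only the output of `gpg --export-secret-subkeys` is imported on the everyday machine; `check_live_keyring()` runs the same test against that machine.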
