Multiple email addresses - any alternative to ask everyone to sign all my keys?

Christopher J. Walters cwal989 at comcast.net
Wed Jul 24 11:28:28 CEST 2013


Hello Philipp,

On 7/24/2013 1:53 AM, Philipp Klaus Krause wrote:
> Hmm, since everyone seems to think "He doesn't consider the university
> computer secure enough for something, so he shouldn't consider it secure
> enough for anything", it seems I'm failing at communicating what I want
> to do. Maybe having a look at the following scenario will help:

You said that you do not trust the security of the university computer, so we 
were taking your assessment as a starting point.

> I have three computers, a smartphone named CONFIDENTIAL, a desktop in my
> office named SECRET, and one in the underground shelter with armed
> guards and the dog that needs to be fed the right type of meat to let me
> through named TOPSECRET.

Okay, I get that.  Presumably TOPSECRET is your own computer which you believe 
to be the most secure, and SECRET is the university computer.  My amended 
suggestion would provide the best security for both computers, however, it 
would likely be hard if not impossible to implement on a smart phone.

> I have email addresses confidential at me, secret at me and topsecret at me.
> People sending confidential mail will send to confidential at me, and
> expect a reply within a short timeframe, so I need to be able to decrypt
> and read the mail on CONFIDENTIAL. On SECRET, I want to read mail sent
> to confidential at me and secret at me. People that value security over timely
> processing will send mail to topsecret at me. On TOPSECRET I want to be
> able to decrypt mail sent to confidential at me, secret at me and topsecret at me.
> Nothing that happens to computer CONFIDENTIAL may allow other people to
> read mail sent to secret at me or topsecret at me. Nothing that happens to
> SECRET may allow other people to read mail sent to topsecret at me.

If you are using a smart phone to receive exams from students, there is a big 
security problem with that.  Especially if you are using a proprietary OS.  I 
will let others explain why that is a bad idea, for the sake of brevity.

> I can handle this scenario by having three keypairs, one for each of the
> email addresses. But this would require everyone to sign all three of
> these keys. Is there a way to handle this scenario, such that people
> only have to sign one key?

Other posters have answered with a way this can be done.  Create one key (for 
TOPSECRET presumably), and add subkeys for your phone and your university 
computer.  This would allow people to only have to sign one key, as you've 
requested.

As for security, any chain is only as strong as its weakest link - security is 
no different.  If others you do not trust have access to one of the devices 
(for example, SECRET), then that is the weakest link in the chain.  If you have 
your whole secret keyring on all three devices, then it is likely that an 
attacker who has physical access to SECRET would have access to your key and 
all subkeys, and would only need a simple keylogger.

One way to avoid this problem is to have your keyrings stored, with a strong 
passphrase (almost goes without saying), in one location (a potentially 
encrypted USB drive), and to access your mail, GnuPG and other necessary 
applications using a secure and trusted Live CD or DVD (e.g. Knoppix, or 
RIPLinuX).  This would avoid any security problems on computers, as long as you 
can access the network through the Live CD.  You clearly could not use a Live 
CD on a smart phone.  As long as you could carry the USB stick drive with you, 
and it was not stolen from you (especially if you encrypt the file systems on 
the USB stick drive), then the relative security of each computer would not 
matter, since anyone who got a hold of your USB stick drive would have to 
decrypt it before they could begin attacking your passphrase(s).

If CONFIDENTIAL is your smart phone, then you'd need at least two main keys, 
and one would have to be stored on the phone.  If it were a computer, my 
suggestion may be of some use to you.

Regards,
Chris
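The "one primary key, one subkey per device" layout that the reply describes, as an added example that is not part of the thread (assumes GnuPG 2.2 or later for the --quick-* commands; the address primary@example.com and the directory names are constructed). The TOPSECRET keyring holds a certify-only primary key, which is the single key other people sign, plus three encryption subkeys; each device is then provisioned with only the subkeys it may hold, the primary travelling as an unusable stub. One caveat the thread's subkey approach does not solve on its own: a correspondent's gpg encrypts to the newest valid encryption subkey by default, so senders would have to address a specific subkey (`-r KEYID!`) for the per-address separation to hold.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumes GnuPG 2.2+ and uses the
# constructed address primary@example.com. Empty passphrases keep the demo
# reproducible; a real keyring needs a strong one.
set -eu

# Non-interactive gpg wrapper; $1 is the keyring directory.
g() { _d=$1; shift; gpg --homedir "$_d" --batch --quiet --pinentry-mode loopback --passphrase '' "$@"; }

# TOPSECRET keyring: certify-only primary (the one key others sign) plus three
# encryption subkeys, oldest-first for CONFIDENTIAL, SECRET, TOPSECRET.
# Prints the three subkey IDs in that order.
build_master() {                        # $1 = directory for the master keyring
  mkdir -p "$1"; chmod 700 "$1"
  g "$1" --quick-generate-key 'Example User <primary@example.com>' ed25519 cert never
  fpr=$(g "$1" --with-colons --list-secret-keys | awk -F: '$1=="fpr"{print $10; exit}')
  for _ in 1 2 3; do g "$1" --quick-add-key "$fpr" cv25519 encr never; done
  g "$1" --with-colons --list-secret-keys | awk -F: '$1=="ssb"{print $5}'
}

# Give a device only the subkeys it may hold. "KEYID!" selects exactly that
# subkey; the primary is exported as a stub, so a compromised device can read
# only the addresses it was meant to read and can never certify anything.
provision_device() {                    # $1 = master dir, $2 = device dir, $3.. = subkey IDs
  _m=$1; _dev=$2; shift 2; _sel=""
  for _id in "$@"; do _sel="$_sel $_id!"; done
  mkdir -p "$_dev"; chmod 700 "$_dev"
  # $_sel is intentionally word-split: one "KEYID!" per word
  g "$_m" --export-secret-subkeys $_sel | g "$_dev" --import
}

# Subkeys whose secret part is really present in a keyring
# (colon-listing field 15: '+' = present, '#' = stub only).
usable_subkeys() {                      # $1 = keyring dir
  g "$1" --with-colons --list-secret-keys | awk -F: '$1=="ssb" && $15=="+"{n++} END{print n+0}'
}

demo() {
  top=$(mktemp -d)
  set -- $(build_master "$top/topsecret")           # $1 $2 $3 = subkey IDs
  provision_device "$top/topsecret" "$top/confidential" "$1"
  provision_device "$top/topsecret" "$top/secret" "$1" "$2"
  for d in confidential secret topsecret; do
    printf '%-13s usable subkeys: %s\n' "$d" "$(usable_subkeys "$top/$d")"
    gpgconf --homedir "$top/$d" --kill gpg-agent
  done
}
demo
```

Expected output: confidential 1, secret 2, topsecret 3 usable subkeys, with the primary key listed as a stub on the two device keyrings.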



More information about the Gnupg-users mailing list