key management & APG
ix4svs at gmail.com
Tue Jul 30 23:30:33 CEST 2013
Hello
I've spent a few hours reading the list archives and would appreciate
verification of my understanding or corrections as appropriate.
[Key management]
I only need one GPG identity for now. I also use GPG on devices of two
classes: "Secure" and "insecure". I would like to take some operational
security (OPSEC) precautions to minimize my pain when my insecure devices
get compromised.
The plan:
1. Create two subkeys: one for signing, one for encrypting.
2. Export the full keyring and keep it somewhere safe (on a few offline
systems).
3. Create an "insecure" keyring with the original signing subkey missing (as
described in https://alexcabal.com/creating-the-perfect-gpg-keypair/).
4. Only use the "insecure" keyring on "insecure" systems.
Hope the above is a reasonable generic key management approach.
[APG]
According to https://grepular.com/Android_Privacy_Guard_and_Subkeys this
keyring setup is not usable by APG.
Given this, how are people using GPG on Android without exposing their
entire keyring? Is creating a completely separate key/identity (sorry, not
sure what the right term is) currently the only way to maintain some
semblance of OPSEC?
Alex
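
An added example, not part of the original post: a check to run on an "insecure" device that parses `gpg --list-secret-keys --with-colons` output and reports whether the keyring matches the plan above. It assumes the "insecure" keyring is meant to hold secret material for the subkeys only, with the primary secret key reduced to a stub; the function name and sample data are constructed for illustration.

```python
import sys

# Constructed sample of `gpg --list-secret-keys --with-colons` output (key IDs
# and user ID are placeholders). Field 15 of a sec/ssb record is "#" when the
# secret part is only a stub, per GnuPG's doc/DETAILS.
SAMPLE_INSECURE = """\
sec:u:4096:1:AAAAAAAAAAAAAAAA:1375221033:::u:::scESC:::#:
uid:u::::1375221033::::Example User <user@example.org>:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1375221033::::::s:::+:
ssb:u:4096:1:CCCCCCCCCCCCCCCC:1375221033::::::e:::+:
"""
# Same keyring before stripping: primary secret key material is present.
SAMPLE_FULL = SAMPLE_INSECURE.replace(":::#:", ":::+:")


def audit_keyring(colon_listing):
    """Return findings; an empty list means the layout matches the plan."""
    findings, usable, primaries = [], set(), 0
    for line in colon_listing.splitlines():
        # Pad so a short record reads as "secret present" (fail closed).
        f = line.split(":") + [""] * 15
        if f[0] not in ("sec", "ssb"):
            continue
        keyid, validity, caps, token = f[4], f[1], f[11], f[14]
        has_secret = token != "#"
        if f[0] == "sec":
            primaries += 1
            if has_secret:
                findings.append(f"primary {keyid}: secret key present on this device")
        elif has_secret and validity not in ("r", "e"):
            usable.update(caps.lower())  # skip revoked/expired subkeys
    if primaries == 0:
        findings.append("no secret keys listed")
    for cap, name in (("s", "signing"), ("e", "encryption")):
        if primaries and cap not in usable:
            findings.append(f"no usable {name} subkey")
    return findings


if __name__ == "__main__":
    # Pass a file holding real colon output, or run with no argument for the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_INSECURE
    problems = audit_keyring(text)
    print("\n".join(problems) if problems else "OK: primary is a stub, subkeys usable")
    sys.exit(1 if problems else 0)
```
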
More information about the Gnupg-users
mailing list