key management & APG

ix4svs at ix4svs at
Tue Jul 30 23:30:33 CEST 2013


I've spent a few hours reading the list archives and would appreciate
verification of my understanding or corrections as appropriate.

[Key management]

I only need one GPG identity for now. I also use GPG on devices of two
classes: "Secure" and "insecure". I would like to take some operational
security (OPSEC) precautions to minimize my pain when my insecure devices
get compromised.

The plan:
1. Create two subkeys: one for signing, one for encrypting.
2. Export the full keyring and keep it somewhere safe (on a few offline
3. Create a "insecure" keyring with the original signing subkey missing (as
described in )
4. Only use the "insecure" keyring on "insecure" systems.

Hope the above is a reasonable generic key management approach.


According to this
keyring setup is not usable by APG.

Given this, how are people using GPG on Android without exposing their
entire keyring? Is creating a completely separate key/identity (sorry not
sure what the right term is) currently the only way to maintain some
semblance of OPSEC?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20130730/0f9ddd0d/attachment.html>

More information about the Gnupg-users mailing list