"Certify" only master key

atair atair04 at googlemail.com
Wed Jul 31 01:10:54 CEST 2013


Is there anything that speaks against a master key with only the
"certify" usage property set? I'd create separate expiring subkeys for
signing and encryption.

What is the advantage of having a certify+sign master key? In my
opinion, this sounds dangerous, because to sign a message one would
always need the secret key of the master key available (if using a CS
master key and an E subkey). By using a certify-only key as master key,
one could delete the master's secret key on the non-offline system.
The only case for a CS master key that comes to my mind is when one
wants to sign some important documents in the offline environment
_with the master key_ (e.g. key policy, some configs, etc.). In that
case one would delete the secret master key for the online system and
use the sign subkey for ordinary communication.

Thanks for comments!

More information about the Gnupg-users mailing list
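As an added example that is not part of the post or the list thread, a small Python check for the layout the post proposes: it parses constructed `gpg --list-secret-keys --with-colons` output (field positions as documented in GnuPG's doc/DETAILS; the key IDs and fingerprints are made up) and reports when the primary key is not certify-only, when its secret part is still on the machine instead of being an offline stub, when no subkey carries signing or encryption, or when a subkey never expires.

```python
"""Audit a GnuPG secret-key listing for the layout discussed in the post:
a certify-only primary kept as an offline stub ('#' in the token field),
with expiring signing and encryption subkeys doing the day-to-day work."""

TYPE, KEYID, EXPIRES, CAPS, TOKEN = 0, 4, 6, 11, 14  # zero-based colon fields


def parse_secret_listing(text):
    """Return (primary, subkeys) from 'sec'/'ssb' records; other records are ignored."""
    primary, subkeys = None, []
    for line in text.splitlines():
        f = line.split(":")
        if len(f) <= TOKEN:  # not a full key record (e.g. a truncated line)
            continue
        if f[TYPE] == "sec":
            primary = {"keyid": f[KEYID], "caps": f[CAPS], "stub": f[TOKEN] == "#"}
        elif f[TYPE] == "ssb":
            subkeys.append({"keyid": f[KEYID], "caps": f[CAPS], "expires": f[EXPIRES]})
    return primary, subkeys


def audit(text):
    """Return a list of findings; an empty list means the key matches the intended layout."""
    primary, subkeys = parse_secret_listing(text)
    if primary is None:
        return ["no secret primary key in listing"]
    findings = []
    # Lowercase letters are this key's own usage flags; uppercase ones describe the whole key.
    own = "".join(sorted(set(primary["caps"]) & set("acest")))
    if own != "c":
        findings.append(f"primary {primary['keyid']} has usage '{own}', expected certify only")
    if not primary["stub"]:
        findings.append(f"secret part of primary {primary['keyid']} is present on this machine")
    for need in "se":
        if not any(need in s["caps"] for s in subkeys):
            findings.append(f"no subkey carries usage '{need}'")
    for s in subkeys:
        if not s["expires"]:
            findings.append(f"subkey {s['keyid']} never expires")
    return findings


# Constructed sample listings (not real keys): GOOD follows the post's layout,
# BAD is a sign+certify primary with its secret key online and a non-expiring subkey.
GOOD = """\
sec:u:4096:1:AAAABBBBCCCCDDDD:1375225854:::u:::cESC:::#:::23::0:
ssb:u:4096:1:1111222233334444:1375225854:1406761854:::::s:::::::23:
ssb:u:4096:1:5555666677778888:1375225854:1406761854:::::e:::::::23:
"""
BAD = """\
sec:u:4096:1:AAAABBBBCCCCDDDD:1375225854:::u:::scESC::::::23::0:
ssb:u:4096:1:5555666677778888:1375225854::::::e:::::::23:
"""
```

Run it against real output by piping `gpg --list-secret-keys --with-colons` into `audit()`; on the online machine of the post's setup the expected result is an empty list.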