How to add information about purpose/security of sub keys?

adrelanos adrelanos at riseup.net
Thu Nov 14 00:08:14 CET 2013


Hi!

I would like to partition my key like this:

- long term identity key (air gapped, master key) [a]
-- short term e-mail encryption key (less secured sub key, only on mail
machine) [b]
-- short term e-mail signing key (less secured sub key, only on mail
machine) [c]
-- short term images/repository key (less secured sub key, only on
software build machine) [d]
-- long term encryption key (air gapped, sub key) [f]

In other words, I would use:

- [b] and [c] for convenience, communication which isn't that important
- [c] to sign software / apt repository
- [a] to sign important messages (key transition etc.)
- [f] little convenience, for receiving important messages

What is the best way to make key [b] the default, so anyone writing an
encrypted mail will use key [b] and not key [f] unless a conscious
decision was made?

What is the best way to communicate...?
- if you want to send a mail, in most cases, use key [b],
- unless it is really important, then use key [f]
- most of my mails will be encrypted with key [c], unless it's
important, then I use key [a]
- software I sign will be signed with key [d], do not use software
signed with key [c]

It would be best if this information was presented by default, such as
when importing my key or at least when running --fingerprint. What is
the best way to communicate that, sub packets (notations), UUID comments
or something else?

Are sub packets (notations) signed by the master key [a]?

Are UID comment signed by the master key [a]?

Cheers,
adrelanos



More information about the Gnupg-users mailing list