How to add information about purpose/security of sub keys?

Paul R. Ramer free10pro at gmail.com
Thu Nov 14 17:32:26 CET 2013


adrelanos <adrelanos at riseup.net> wrote:
>- [b] and [c] for convenience, communication which isn't that important
>- [c] to sign software / apt repository
>- [a] to sign important messages (key transition etc.)
>- [f] little convenience, for receiving important messages
>
>What is the best way to make key [b] the default, so anyone writing an
>encrypted mail will use key [b] and not key [f] unless a conscious
>decision was made?

The only way of making certain of this is to use separate keypairs; otherwise, as David has said, you have no control over this because of how the user's software selects the key.

But even if you used separate keypairs, you would still need your correspondent to know which to use for what kind of communication.

You could put this information in a UID or in a policy that you keep online or give personally to each person that needs to know.  But the issue is still the same, you need the person communicating with you to know which key or subkey to use, and you cannot assume that that person knows automatically.

>What is the best way to communicate...?
>- if you want to send a mail, in most cases, use key [b],
>- unless it is really important, then use key [f]
>- most of my mails will be encrypted with key [c], unless it's
>important, then I use key [a]
>- software I sign will be signed with key [d], do not use software
>signed with key [c]

The question that I think that you must ask yourself before your question can be answered is, "Who needs your key?" Who do you expect to communicate with you and under what circumstances?

Based on the answers to those questions, you will then have to find the most "dummy-proof" way of communicating your intent, whether it be through separate keypairs, a policy, or something else.

Cheers,

--Paul

--
PGP: 3DB6D884
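The point above about the correspondent's software choosing the key, shown as an added example (not part of the original thread): GnuPG encrypts to the newest valid encryption-capable subkey on a key unless the sender names one explicitly with a trailing `!`, so two subkeys that are both flagged for encryption are told apart only by age, never by intended purpose. The script parses constructed `gpg --list-keys --with-colons` output (placeholder key IDs, not real keys) and predicts which subkey a default `gpg -e` would pick.

```python
"""Predict which encryption subkey GnuPG will select from --with-colons output."""
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample of `gpg --list-keys --with-colons` output for one key with
# three encryption-capable subkeys; key IDs are placeholders, not real keys.
# Colon fields used: 1 record type, 2 validity, 5 key ID, 6 creation time,
# 12 capabilities (e = encrypt, s = sign, c = certify, a = authenticate).
SAMPLE = """\
pub:u:4096:1:0000000000000001:1384000000:::u:::scESC::::::23::0:
uid:u::::1384000000::XXXX::Alice Example <alice@example.org>::::::::::0:
sub:u:4096:1:0000000000000002:1384000100::::::e::::::23:
sub:u:4096:1:0000000000000003:1384100000::::::e::::::23:
sub:e:4096:1:0000000000000004:1384200000:1384200001:::::e::::::23:
"""

# Validity letters that make a subkey unusable for encryption.
UNUSABLE = {"e", "r", "d", "i", "n"}  # expired, revoked, disabled, invalid, never


@dataclass
class Subkey:
    keyid: str
    created: int
    validity: str
    caps: str


def parse_subkeys(colon_output: str) -> List[Subkey]:
    """Return every 'sub' record from --with-colons output."""
    subs = []
    for line in colon_output.splitlines():
        f = line.split(":")
        if f[0] != "sub":
            continue
        subs.append(Subkey(keyid=f[4], created=int(f[5]), validity=f[1], caps=f[11]))
    return subs


def encryption_candidates(subs: List[Subkey]) -> List[Subkey]:
    """Subkeys GnuPG would consider: 'e' capability and a usable validity."""
    return [s for s in subs if "e" in s.caps and s.validity not in UNUSABLE]


def default_encryption_subkey(colon_output: str) -> Optional[str]:
    """GnuPG encrypts to the newest usable encryption subkey unless given 'keyid!'."""
    cands = encryption_candidates(parse_subkeys(colon_output))
    if not cands:
        return None
    return max(cands, key=lambda s: s.created).keyid
```

Run against a real key with `gpg --list-keys --with-colons <keyid>` piped into `default_encryption_subkey`; if the result is not the subkey you intended as the default, only the sender's explicit `keyid!` or a separate keypair changes it.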
