Managing Subkeys for Professional and Personal UIDs
Mike Cardwell
gnupg at lists.grepular.com
Sun Apr 27 12:11:00 CEST 2014
* on the Sat, Apr 26, 2014 at 10:21:42PM +0000, John Sockwell wrote:
> I'm looking for best practices in creating and managing multiple
> subkeys and uids.
>
> In my scenario, I have a personal computer and personal email address.
> In addition, I have an employer provided computer and employer
> email address.
>
> I'd like to create a key architecture where if I'm ever compelled to
> compromise, revoke, or lose access to the signing and encryption keys
> on my work computer, the security and integrity of my personal files
> are preserved. The easiest solution seems to be generating separate
> primary keys for both identities. However, I believe this would
> undermine the WoT when I move to a new employer by not having all
> signing and encryption keys originating from the same primary key.
>
> Is it possible to assign an encryption and signing sub key to a
> specific uid so I can separate the keys used?
I don't believe that is possible, no.
> Is there a better way to achieve this goal through other signing
> techniques?
I solve this problem using an OpenPGP smart card. My PGP key never
touches my work machine, so I never have to worry about it being
compromised. When I left my previous job, I revoked the UID
containing the email address assigned by that company, and then
added the new UID for the new company.
--
Mike Cardwell https://grepular.com https://emailprivacytester.com
OpenPGP Key 35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
XMPP OTR Key 8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4
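
The UID rotation described in the reply above, as an added example that is not part of the original message: one primary key keeps its fingerprint while the old employer UID is revoked and a new one is added. It assumes GnuPG 2.2 or later on the PATH and uses a throwaway software keyring rather than the smart card the reply relies on; the names, addresses and helper functions are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: one primary key, employer UID rotated on a job change.
# Constructed identities; throwaway keyring; software key instead of a smart card.
set -eu

PERSONAL='Alice Example <alice@personal.example>'
OLD_WORK='Alice Example <alice@oldcorp.example>'
NEW_WORK='Alice Example <alice@newcorp.example>'

# Non-interactive gpg; the demo key has an empty passphrase.
g() { gpg --batch --quiet --pinentry-mode loopback --passphrase '' "$@"; }

setup_keyring() {
  GNUPGHOME="$(mktemp -d)"; export GNUPGHOME
  trap 'gpgconf --kill gpg-agent 2>/dev/null || true; rm -rf "$GNUPGHOME"' EXIT
}

# Fingerprint of the first (only) primary key in the keyring.
primary_fpr() { g --with-colons --list-keys | awk -F: '$1=="fpr"{print $10; exit}'; }

# Validity letter of UID $2 on key $1: "r" = revoked; "-" if gpg reports none.
uid_validity() {
  g --with-colons --list-keys "$1" |
    awk -F: -v u="$2" '$1=="uid" && $10==u {print ($2=="" ? "-" : $2)}'
}

rotate_demo() {
  setup_keyring
  g --quick-generate-key "$PERSONAL" ed25519 cert never
  fpr="$(primary_fpr)"                      # identity that collects WoT signatures
  g --quick-add-uid "$fpr" "$OLD_WORK"      # first employer
  g --quick-revoke-uid "$fpr" "$OLD_WORK"   # on leaving: revoke that UID only
  g --quick-add-uid "$fpr" "$NEW_WORK"      # next employer, same primary key
}

rotate_demo
printf 'primary key: %s\n' "$fpr"
for u in "$PERSONAL" "$OLD_WORK" "$NEW_WORK"; do
  printf '%s  %s\n' "$(uid_validity "$fpr" "$u")" "$u"
done
```

Correspondents only see the revoked UID after the updated public key has been exported and redistributed to them.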