Managing Subkeys for Professional and Personal UIDs

Mike Cardwell gnupg at
Sun Apr 27 12:11:00 CEST 2014

* on the Sat, Apr 26, 2014 at 10:21:42PM +0000, John Sockwell wrote:

> I'm looking for best practices in creating and managing multiple
> subkeys and uids.
> In my scenario, I have a personal computer and personal email address.
> In addition, I have an employer provided computer and employer
> email address.
> I'd like to create a key architecture where if I'm ever compelled to
> compromise, revoke, or lose access to the signing and encryption keys
> on my work computer, the security and integrity of my personal files
> are preserved. The easiest solution seems to be generating separate
> primary keys for both identities. However, I believe this would
> undermine the WoT when I move to a new employer by not having all
> signing and encryption keys originating from the same primary key.
> Is it possible to assign an encryption and signing sub key to a
> specific uid so I can separate the keys used?

I don't believe that is possible, no.

> Is there a better way to achieve this goal through other signing
> techniques?

I solve this problem using an OpenPGP smart card. My PGP key never
touches my work machine, so I never have to worry about it being
compromised. When I left my previous job, I revoked the UID
containing the email address assigned by that company, and then
added the new UID for the new company.

Mike Cardwell
OpenPGP Key    35BC AF1D 3AA2 1F84 3DC3   B0CF 70A5 F512 0018 461F
XMPP OTR Key   8924 B06A 7917 AAF3 DBB1   BF1B 295C 3C78 3EF1 46B4
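
As an added illustration of the UID rotation described in the reply above (not part of the original message), the following script revokes an old employer UID and adds a new one on the same primary key. It assumes GnuPG 2.2 or later, uses constructed identities in a throwaway keyring, substitutes a passphrase-less software key for the smart card, and its function names are hypothetical.

```shell
#!/bin/sh
# Added example: constructed identities, throwaway keyring, GnuPG 2.2+ assumed.

# Wrapper so every call is non-interactive; the demo key has no passphrase.
g() { gpg --batch --quiet --pinentry-mode loopback --passphrase '' "$@"; }

# $1 = primary key fingerprint, $2 = UID to revoke, $3 = UID to add.
# The primary key (and its fingerprint) stays the same across the change.
rotate_work_uid() {
    g --quick-revoke-uid "$1" "$2" && g --quick-add-uid "$1" "$3"
}

# Print "revoked <uid>" or "active <uid>" for each UID on key $1.
# In --with-colons output, field 2 of a uid record is "r" once revoked.
uid_status() {
    g --with-colons --list-keys "$1" |
        awk -F: '$1 == "uid" { print ($2 == "r" ? "revoked" : "active") " " $10 }'
}

demo() {
    GNUPGHOME=$(mktemp -d) || return 1   # isolated keyring, mode 0700
    export GNUPGHOME

    # Primary key with the personal UID (constructed address).
    g --quick-generate-key 'Alex Example <alex@home.example>' ed25519 sign never
    fpr=$(g --with-colons --list-keys |
        awk -F: '$1 == "fpr" { print $10; exit }')

    # UID for the first employer, later replaced on a job change.
    g --quick-add-uid "$fpr" 'Alex Example <alex@oldcorp.example>'
    rotate_work_uid "$fpr" \
        'Alex Example <alex@oldcorp.example>' \
        'Alex Example <alex@newcorp.example>'

    uid_status "$fpr"

    # Clean up the throwaway agent and keyring.
    gpgconf --kill gpg-agent
    rm -rf "$GNUPGHOME"
    unset GNUPGHOME
}

demo
```

After a real rotation the updated public key still has to be redistributed (for example with `gpg --send-keys`) before correspondents see the revocation.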