Managing Subkeys for Professional and Personal UIDs

Daniel Kahn Gillmor dkg at fifthhorseman.net
Mon Apr 28 20:35:34 CEST 2014


On 04/26/2014 06:21 PM, John Sockwell wrote:
> I’m looking for best practices in creating and managing multiple subkeys and uids.
> 
> In my scenario, I have a personal computer and personal email address. In addition, I have an employer provided computer and employer email address.
> 
> I’d like to create a key architecture where if I’m ever compelled to compromise, revoke, or lose access to the signing and encryption keys on my work computer, the security and integrity of my personal files are preserved. The easiest solution seems to be generating separate primary keys for both identities. However, I believe this would undermine the WoT when I move to a new employer by not having all signing and encryption keys originating from the same primary key.
> 
> Is it possible to assign an encryption and signing sub key to a specific uid so I can separate the keys used?

No, i think you need to use separate primary keys if you want to be able
to separate encrypted work messages from encrypted personal messages.

But I also want to point out that some employers may have a legitimate
need (even a legal compulsion) to be able to decrypt communications
coming to your work-related e-mail.  One reasonable solution to this is
to provide them an escrowed copy of your encryption-capable subkey,
perhaps locked in a way that you would need to be informed (or perhaps
deceased?) that they were making use of the escrow.

However, i see *no* legitimate need for any employer to be able to forge
data signatures or identity certifications from your work-related key.
Escrow only makes sense for encryption-capable keys in limited contexts.

If you are in a situation where you are forced by employment to engage
in key escrow, you should take steps to ensure that only your
work-related encryption subkey is escrowed, and not your primary key, or
any signing or certification-capable subkey.

Regards,

	--dkg
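The following is an added example, not part of the thread above and not code from the GnuPG project; it shows the practice dkg describes, exporting only the work encryption subkey for escrow and checking that the resulting file contains no usable secret material for the primary (certification) key or the signing subkey. It assumes GnuPG 2.1 or later (for `--quick-generate-key`, `--quick-add-key` and `gpgconf`), runs entirely in throwaway GNUPGHOME directories, and uses a constructed test identity rather than any real key.

```shell
#!/bin/sh
# Added example (not from the original thread or from GnuPG itself).
# Scenario: a work key with a certify+sign primary, an encryption subkey and a
# separate signing subkey. Only the encryption subkey is exported for escrow,
# and the export is inspected the way an escrow holder would see it.
# Assumes GnuPG >= 2.1. Everything lives in temporary homedirs that are removed.

escrow_export_check() {
    command -v gpg >/dev/null 2>&1 || { echo skip; return 0; }   # no GnuPG here

    home=$(mktemp -d) || return 1
    chmod 700 "$home"
    export GNUPGHOME="$home"
    # Non-interactive options: empty passphrase -> unprotected throwaway key.
    common="--batch --quiet --pinentry-mode loopback --passphrase="
    uid="Work Demo <work.demo@example.com>"      # constructed test identity

    # Certify+sign primary key plus an encryption subkey ("default" usage).
    gpg $common --quick-generate-key "$uid" default default never >/dev/null 2>&1 || return 1
    fpr=$(gpg --batch --with-colons --list-secret-keys "$uid" |
        awk -F: '$1=="fpr" {print $10; exit}')
    [ -n "$fpr" ] || return 1
    # Add a separate signing subkey, as in the scenario from the question.
    gpg $common --quick-add-key "$fpr" default sign never >/dev/null 2>&1 || return 1

    # Fingerprint of the encryption subkey: the fpr record following an ssb
    # record whose capability field (12) contains "e".
    encfpr=$(gpg --batch --with-colons --list-secret-keys "$uid" |
        awk -F: '$1=="sec" {cap=""} $1=="ssb" {cap=$12}
                 $1=="fpr" && index(cap,"e") {print $10; exit}')
    [ -n "$encfpr" ] || return 1

    # The "!" suffix selects that one subkey; the primary key is written as a
    # GNU stub with no secret material, and the signing subkey is left out.
    gpg $common --export-secret-subkeys "$encfpr!" > "$home/escrow.gpg" || return 1

    # What the escrow holder ends up with: import into a fresh keyring and list it.
    holder=$(mktemp -d) || return 1
    chmod 700 "$holder"
    GNUPGHOME="$holder" gpg --batch --quiet --import "$home/escrow.gpg" >/dev/null 2>&1 || return 1
    listing=$(GNUPGHOME="$holder" gpg --batch --with-colons --list-secret-keys)

    # In --with-colons output, field 15 of a sec/ssb record is "#" for a stub
    # (no secret material). Expect: stub primary, exactly one subkey, that
    # subkey encryption-capable and real, and no signing subkey at all.
    verdict=$(printf '%s\n' "$listing" | awk -F: '
        $1=="sec" { stub = ($15=="#") }
        $1=="ssb" { n++
                    if (index($12,"e") && $15!="#") enc++
                    if (index($12,"s")) sig++ }
        END { print (stub && n==1 && enc==1 && !sig) ? "ok" : "bad" }')

    GNUPGHOME="$home" gpgconf --kill gpg-agent 2>/dev/null
    GNUPGHOME="$holder" gpgconf --kill gpg-agent 2>/dev/null
    rm -rf "$home" "$holder"

    if [ "$verdict" = ok ]; then
        echo ok
        return 0
    fi
    echo "unexpected escrow contents:"
    printf '%s\n' "$listing"
    return 1
}

escrow_export_check
```

The same inspection works on a real escrow file before it is handed over: import it into an empty GNUPGHOME and confirm that `gpg -K` shows `sec#` for the primary key and lists only the encryption subkey. If the primary or a signing subkey appears without the `#`, the export included material that should never leave your control.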
