Mainkey with many subkeys??

Kristian Fiskerstrand kristian.fiskerstrand at sumptuouscapital.com
Mon Dec 8 12:47:30 CET 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 12/08/2014 12:31 AM, MFPA wrote:
> Hi
> 
> 
> On Sunday 7 December 2014 at 10:01:55 PM, in 
> <mid:5484CE53.4080302 at mail.ru>, Duplicity Mailing List wrote:
> 
> 
>> Stupid question inbound:- If you make a bunch of subkeys, say,
>> one for your phone, one for your desktop and one for your laptop,
>> how does that work? I would assume if I send a piece of encrypted
>> data to your laptop's subkey's public key and you were on your 
>> desktop, you'd have to go to your laptop to decrypt it, wouldn't
>> you? Or am I missing something?
> 
> I suspect when Kristian said "per-device signing keys" the
> inference was that each device might have its own signing subkey
> but they would share the encryption subkey. I don't know what they
> meant by

Well, in my case I wouldn't keep an encryption subkey on the mobile
device at all. What would be nice to see is a scheme where the sender
could specify a wanted confidentiality level, e.g. enum {public;
confidential; classified} where two different encryption subkeys could
be kept at the same time. The trusted device would keep both
encryption subkeys but the mobile device only the "confidential" one
at a lower security expectation. That said, I'm not entirely sure that
what we need for broader adoption is more complexity to the standard,
but at the same time this would enable encryption more broadly on
mobile devices. In my case though I'm mostly interested in digital
signatures for the mobile device though.

> "cellphone substitution." However, I have seen previous
> discussions that suggested the use of different encryption keys on
> things like

The quality of cellphones and batteries these days at least means I'm
switching phones once every two years or even more often.

> mobile phones, which would indeed mean going to your other device
> to decrypt. I think the assertion is that a key held on a mobile
> phone is possibly less secure.

Absolutely

- -- 
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
Qui audet vincit
Who dares wins



More information about the Gnupg-users mailing list