Why create offline main key without encryption capabilities

Suspekt suspekt at gmx.de
Sun Jun 1 12:54:30 CEST 2014

Hi there,
I understand the concept of using a secure offline key and than creating 
one or multiple subkeys to use in rather insecure environments like a 
internet-connected laptop or a smartphone. Depending on which tutorial 
you look at, the recommended capabilities of the offline key vary.
Some use the key just for certification of own subkeys and keys of other 

Some recommend using it for certification of own subkeys, keys of other 
people and signing of documents that are so important, that the 
signing-subkey is not secure enough.

But I yet have to find someone recommending to use the offline mainkey 
also for encryption/decryption of files, that are so important that 
subkey encryption/decryption is not secure enough.

Is there a reason for that? Am I missing something?

thanks a lot

More information about the Gnupg-users mailing list