Why create offline main key without encryption capabilities
Suspekt
suspekt at gmx.de
Mon Jun 2 17:30:15 CEST 2014
On 02.06.2014 17:01, David Shaw wrote:
> One problem with multiple encryption subkeys is that the person
> encrypting to you doesn't know which one to use. As things stand in
> OpenPGP clients today, unless the person encrypting explicitly
> specifies which subkey to use (and not all clients even offer a
> choice at all) they'll use *a* subkey, which may or may not be the one
> you (or they) would have wanted.
>
> This problem doesn't exist in exactly the same way for multiple
> signing subkeys since which key is used is under your control (the
> signer), but there is a related problem in that you'd have a "low
> security" signing key and a "high security" signing key. How does the
> recipient know which is the intended one at any given time? From the
> recipient's perspective, it's just a good signature. There is no
> "this is a good signature from my high security key" (there is a
> "good signature from key XXXXX", but they don't know what additional
> meaning you give to that key in particular).
>
> To be sure, OpenPGP does have enough hooks and capabilities to
> implement what you're talking about (signature notations to say "this
> is my high security key", for example) but it isn't done at this
> time.
>
> David
>
Correct me if I'm wrong but doesn't GPG prefer the keys created last
over keys created earlier? So it would use the everyday keys by default
and use the high-security keys only if told specifically?
suspekt
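As an added example, not code from the thread or from GnuPG: a small Python audit that parses `gpg --list-keys --with-colons` output for one key and reports how many live encryption-capable subkeys a sender's client would have to choose between, plus the most recently created one. The sample output, key IDs and timestamps are constructed; "newest first" is only the ordering Suspekt asks about, not a claim about what any client actually does.

```python
import time

# Constructed sample of `gpg --list-keys --with-colons` output for a single key.
# Key IDs, fingerprint and timestamps are hypothetical, not a real key.
# Field layout follows gpg's DETAILS doc: 1 type, 2 validity, 5 key ID,
# 6 creation, 7 expiration, 12 capabilities (e=encrypt, s=sign, c=certify, a=auth).
SAMPLE = """\
pub:u:4096:1:0123456789ABCDEF:1400000000:::u:::scESC::::::23::0:
fpr:::::::::0000000000000000000000000123456789ABCDEF:
uid:u::::1400000000::DEADBEEF::Example User <user@example.org>::::::::::0:
sub:u:4096:1:1111111111111111:1400000000:1430000000:::::e::::::23:
sub:u:4096:1:2222222222222222:1401700000::::::e::::::23:
sub:u:4096:1:3333333333333333:1401700000::::::s::::::23:
sub:r:4096:1:4444444444444444:1401800000::::::e::::::23:
"""

def parse_subkeys(colons_output):
    """Return one dict per 'sub' record."""
    subs = []
    for line in colons_output.splitlines():
        f = line.split(":")
        if f[0] != "sub":
            continue
        subs.append({
            "keyid": f[4],
            "validity": f[1],                      # 'r' revoked, 'e' expired, ...
            "created": int(f[5]),
            "expires": int(f[6]) if f[6] else None,
            "caps": f[11],
        })
    return subs

def usable_encryption_subkeys(colons_output, now):
    """Subkeys a sender could encrypt to: capability 'e', not revoked, not expired."""
    out = []
    for s in parse_subkeys(colons_output):
        if "e" not in s["caps"] or s["validity"] in ("r", "e"):
            continue
        if s["expires"] is not None and s["expires"] <= now:
            continue
        out.append(s)
    return out

def audit(colons_output, now=None):
    """Return (count of usable encryption subkeys, key ID of the newest one).

    A count above 1 means the person encrypting to you has a choice to make;
    which subkey their client picks is up to that client."""
    now = int(time.time()) if now is None else now
    usable = usable_encryption_subkeys(colons_output, now)
    if not usable:
        return 0, None
    newest = max(usable, key=lambda s: s["created"])
    return len(usable), newest["keyid"]
```

Run against your own key with `gpg --list-keys --with-colons <key-id>` piped into `audit()`; a count of 2 or more is the ambiguity David describes.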