Why create offline main key without encryption capabilities

Daniel Kahn Gillmor dkg at fifthhorseman.net
Mon Jun 2 17:37:05 CEST 2014


On 06/02/2014 11:30 AM, Suspekt wrote:
> On 02.06.2014 17:01, David Shaw wrote:
>> One problem with multiple encryption subkeys is that the person
>> encrypting to you doesn't know which one to use. As things stand in
>> OpenPGP clients today, unless the person encrypting explicitly
>> specifies which subkey to use (and not all clients even offer a
>> choice at all) they'll *a* subkey, which may or may not be the one
>> you (or they) would have wanted.
>
> Correct me if I'm wrong but doesn't GPG prefer the keys created last
> over keys created earlier? So it would use the every-day keys by default
> and use the high-security keys only if told specifically?

gpg does this, yes.  but when someone is encrypting an OpenPGP message
to you, you don't know what tools they're using.  they could be using
another OpenPGP toolkit that wouldn't have this same default.

	--dkg
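
The interoperability point in this message, as an added example that is not part of the original post and is not GnuPG's code: a simplified model of two subkey-selection policies run over one constructed certificate. The key ids, dates, the `Subkey` type and the "first listed" policy of a hypothetical other toolkit are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional, Sequence

@dataclass(frozen=True)
class Subkey:
    keyid: str                       # constructed placeholder, not a real key id
    created: datetime
    can_encrypt: bool                # key-usage flag allows encryption
    expires: Optional[datetime] = None
    revoked: bool = False

def usable(sk: Subkey, now: datetime) -> bool:
    """A subkey is a candidate only if it may encrypt and is currently valid."""
    if not sk.can_encrypt or sk.revoked or sk.created > now:
        return False
    return sk.expires is None or sk.expires > now

def pick_newest(subkeys: Sequence[Subkey], now: datetime) -> Optional[Subkey]:
    """Policy the thread attributes to gpg: most recently created usable subkey."""
    candidates = [sk for sk in subkeys if usable(sk, now)]
    return max(candidates, key=lambda sk: sk.created) if candidates else None

def pick_first_listed(subkeys: Sequence[Subkey], now: datetime) -> Optional[Subkey]:
    """Hypothetical other toolkit: first usable subkey in certificate order."""
    return next((sk for sk in subkeys if usable(sk, now)), None)

def day(y: int, m: int, d: int) -> datetime:
    return datetime(y, m, d, tzinfo=timezone.utc)

# Constructed certificate: a high-security encryption subkey created first,
# an every-day encryption subkey created later, and a newer signing-only subkey.
CERT = [
    Subkey("HIGHSEC-ENC", day(2014, 1, 1), can_encrypt=True),
    Subkey("EVERYDAY-ENC", day(2014, 2, 1), can_encrypt=True),
    Subkey("EVERYDAY-SIG", day(2014, 3, 1), can_encrypt=False),
]
NOW = day(2014, 6, 2)

if __name__ == "__main__":
    for policy in (pick_newest, pick_first_listed):
        chosen = policy(CERT, NOW)
        print(f"{policy.__name__:18} -> {chosen.keyid if chosen else None}")
```

The two policies choose different subkeys for the same certificate, so the key owner has to be ready to decrypt with either one.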
