Why create offline main key without encryption capabilities
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Mon Jun 2 17:37:05 CEST 2014
On 06/02/2014 11:30 AM, Suspekt wrote:
> Am 02.06.2014 17:01, schrieb David Shaw:
>> One problem with multiple encryption subkeys is that the person
>> encrypting to you doesn't know which one to use. As things stand in
>> OpenPGP clients today, unless the person encrypting explicitly
>> specifies which subkey to use (and not all clients even offer a
>> choice at all) they'll *a* subkey, which may or may not be the one
>> you (or they) would have wanted.
> Correct me if I'm wrong but doesn't GPG prefer the keys created last
> over keys created earlier? So it would use the every-day keys by default
> and use the high-security keys only if told specifically?
gpg does this, yes. but when someone is encrypting an OpenPGP message
to you, you don't know what tools they're using. they could be using
another OpenPGP toolkit that wouldn't have this same default.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 1010 bytes
Desc: OpenPGP digital signature
More information about the Gnupg-users