Why create offline main key without encryption capabilities
postpics123 at gmail.com
Mon Jun 2 20:45:04 CEST 2014
2014-06-01 16:17 GMT+02:00 Hauke Laging <mailinglisten at hauke-laging.de>:
> On Sun 01.06.2014, 12:54:30, Suspekt wrote:
> > But I have yet to find someone recommending to use the offline mainkey
> > also for encryption/decryption of files, that are so important that
> > subkey encryption/decryption is not secure enough.
> I do :-)
> > Is there a reason for that? Am I missing something?
> There are certain risks using the same RSA key for encryption and
> signing. If you make a blind signature over data someone supplied then
> you unintentionally decrypt the data (and send it back).
> There are legal and organizational arguments, too:
> 1) If you are forced to give a decryption key to the authorities then it
> is an advantage if they cannot use this key to forge signatures.
> 2) If a signature key has expired then you may delete the private part.
> You should usually never throw away a decryption key, though, as it can
> happen that you have to decrypt data long after the public part has
> I say: Everyone needs keys at different security levels (German):
> E.g. the key which is going to sign this email is not suitable for
> handling really important data. But as long as hardly anybody has a
> complete high-security key it seems useful to have at least the mainkey
> as a last resort.
> Technically you could use other subkeys for higher security levels – but
> who would understand that? Seems very dangerous to me, more dangerous
> than using the mainkey.
> Crypto for everyone: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
> OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
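The risk mentioned in the quoted reply (signing supplied data with a key that is also used for encryption), shown as an added illustration that is not part of the original thread. It assumes textbook RSA with no padding or hashing; the toy keys, the sample value and all function names are constructed for this example.

```python
# Added illustration: textbook RSA (no padding, no hashing) with tiny constructed
# keys. It shows that the raw signing operation is the same private-key operation
# as decryption, and that separate signing and encryption keys avoid the leak.

def make_key(p, q, e=17):
    """Build a toy RSA key from two small primes (far too small for real use)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # private exponent (Python 3.8+)
    return {"n": n, "e": e, "d": d}

def encrypt(key, m):
    """Public-key operation: c = m^e mod n."""
    return pow(m, key["e"], key["n"])

def decrypt(key, c):
    """Private-key operation: m = c^d mod n."""
    return pow(c, key["d"], key["n"])

def raw_sign(key, data):
    """Textbook signature over supplied data: s = data^d mod n (same as decrypt)."""
    return pow(data, key["d"], key["n"])

def verify(key, data, sig):
    """Check a textbook signature: sig^e mod n must equal the data."""
    return pow(sig, key["e"], key["n"]) == data % key["n"]

def blind_sign_leaks(sign_key, enc_key, secret):
    """True if raw-signing a ciphertext made for enc_key returns the plaintext."""
    ciphertext = encrypt(enc_key, secret)
    signature = raw_sign(sign_key, ciphertext)
    return signature == secret

# Constructed sample keys and value.
SHARED = make_key(61, 53)       # one key used for both signing and encryption
SIGN_ONLY = make_key(89, 97)    # dedicated signing key
ENC_ONLY = make_key(101, 113)   # dedicated encryption key
SECRET = 65

if __name__ == "__main__":
    print("shared key leaks plaintext:  ", blind_sign_leaks(SHARED, SHARED, SECRET))
    print("separate keys leak plaintext:", blind_sign_leaks(SIGN_ONLY, ENC_ONLY, SECRET))
```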