Multiple Subkey Pairs

vedaal at nym.hush.com
Thu Mar 13 16:42:51 CET 2014



On Thursday, March 13, 2014 at 8:03 AM, "Martin Behrendt" <martin-gnupg-users at dkyb.de> wrote:

>Hi,

>I want to achieve the following:
>1. A Master signing key
>2. A subkey signing/enc pair for my normal machine
>3. A subkey signing/enc pair for e.g. my mobile device

>What I want to do is to have a different "pair" for my mobile device
>or work computer than on my machine. I want to give those pairs a
>shorter lifetime like 1 year (depending on the paranoia level) so I
>can change them more frequently. 

=====

It is difficult to do what you want using subkeys,
but you can easily accomplish what you want by making three new keypairs:

Keypair 1 will have the Master signing key and the encryption subkey, with the comment "Principal Keypair" (or whatever descriptive comment you think is clear to your e-mail correspondents).

Keypair 2 will have a signing key and encrypting subkey, with the comment "normal computer", and signed by your Master key.

Keypair 3 will have a signing key and encrypting subkey with the comment "mobile device", and signed by your Master key.

All 3 keypairs will have the same name and e-mail address. 

Keypairs 2 and 3 can have whatever shorter expiration you want.


You can let all your correspondents know that they can encrypt simultaneously to all 3 of your keys that have the same e-mail address (assuming that you give them the fingerprints and long key IDs for the 3 keys, and they aren't going to be fooled by some attacker making a new key with your name and e-mail address).

This way you can read and correspond on whatever device you are using at the time.


vedaal
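
The three-keypair layout described in the reply above, written out with GnuPG's unattended key generation; this is an added example, not part of the original post. The name, e-mail address, RSA 3072 key type, the 1y expiry for keypairs 2 and 3, and the non-expiring keypair 1 are assumptions, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: three separate keypairs with the same name and e-mail
# address, told apart by their comment. NAME and EMAIL are constructed
# placeholders; key type, size and expiry values are assumptions.
NAME="Example User"
EMAIL="user@example.org"

# keyparams COMMENT EXPIRE -> unattended-generation parameters for one
# keypair: a signing primary key plus an encryption subkey.
keyparams() {
  cat <<EOF
Key-Type: RSA
Key-Length: 3072
Key-Usage: sign
Subkey-Type: RSA
Subkey-Length: 3072
Subkey-Usage: encrypt
Name-Real: $NAME
Name-Comment: $1
Name-Email: $EMAIL
Expire-Date: $2
%commit
EOF
}

# fpr_of COMMENT -> fingerprint of the primary key whose user ID is
# exactly "NAME (COMMENT) <EMAIL>".
fpr_of() {
  gpg --batch --with-colons --fingerprint --list-keys "=$NAME ($1) <$EMAIL>" |
    awk -F: '$1 == "fpr" { print $10; exit }'
}

make_keypairs() {
  # No Passphrase line is given, so GnuPG 2.1+ asks for one via pinentry.
  keyparams "Principal Keypair" 0  | gpg --batch --gen-key
  keyparams "normal computer"   1y | gpg --batch --gen-key
  keyparams "mobile device"     1y | gpg --batch --gen-key
  master=$(fpr_of "Principal Keypair")
  for c in "normal computer" "mobile device"; do
    # Certify each device keypair with the principal key.
    gpg -u "$master" --quick-sign-key "$(fpr_of "$c")"
    # Show the fingerprint that correspondents should be given.
    gpg --fingerprint "$(fpr_of "$c")"
  done
}

# Keys are generated only when the script is invoked as: script.sh run
if [ "${1:-}" = "run" ]; then make_keypairs; fi
```

`--quick-sign-key` requires GnuPG 2.1 or later; on older versions the certification step is done interactively with `--sign-key`.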



