new keys vs. sub-keys vs. uids

gnupg@tim.thechases.com
Sat May 3 03:08:35 CEST 2014


Please forgive any folly (or poor word-choices for technical terms) in
my questions, as I'm still feeling my way around the edges of GPG.

I'd like to have different personas, all under one key.  So I'd have
one for my work email, one for personal email, one for each of
several dozen mailing lists.

I began my experimenting by creating various uids:

  $ gpg --gen-key
  ...
  email: home@example.name
  ...
  Enter passphrase: *******
  $ gpg --edit-key home@example.name
  gpg> adduid
  ...
  Enter email address: work@example.com
  ...
  gpg> save

However, after adding multiple uids and emailing an encrypted test
message from the new UID (work@example.com), I noticed that Claws Mail
reported that it had been signed by "home@example.name" instead of
"work@example.com", leaking signature information I'd rather keep
separated.  I suspect I don't fully grasp the intent of additional
UIDs.  In the hope of keeping the entries completely separate, I then
tried

  $ rm -rf ~/.gnupg  # these are just test-keys for now
  $ gpg --gen-key
  ...
  email: home@example.name
  ...
  Enter passphrase: *******
  $ gpg --gen-key
  ...
  email: work@example.name
  ...
  Enter passphrase: *******

This seemed to work as expected, but has the down-side that I would
have N separate passphrases to maintain/remember for each of the N
personas.  Yes, I can make them all the same passphrase, but it would
be nice if they were all under one master passphrase.

So I guess I'm looking for

1) something that doesn't leak identities across signatures
2) a single passphrase to manage the multiple identities
3) something that can be identified by the signing email address (Claws
seems to make this easy for choosing the signing key)

Is there a way I'm missing to go about keeping these separate without
the overhead of new keys for each persona?

Thanks,

-tkc
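As an added illustration (not part of the original post), the Python below builds and parses a v4 OpenPGP signature packet laid out per RFC 4880. It shows why a verifier such as Claws reports the primary uid: the signature binds the issuing key (issuer fingerprint and key ID subpackets), and the uid selected at signing time is not a field at all unless the optional Signer's User ID subpacket is present, which newer GnuPG adds via --sender. The fingerprint, key ID and signature MPI are constructed dummies, and only the 1-octet subpacket length form is handled.

```python
import struct
# Constructed dummy fingerprint for the example; the v4 key ID is its low 64 bits.
FPR = bytes.fromhex("0123456789ABCDEF0123456789ABCDEF01234567")
KEYID = FPR[-8:]

def subpacket(sp_type, body):
    """Encode one signature subpacket using the 1-octet length form."""
    return bytes([len(body) + 1, sp_type]) + body

def build_signature(created, signer_uid=None):
    """Build a v4 binary-document signature packet (tag 2) with a dummy MPI.
    Only the issuing key is bound (subpackets 33 and 16); the chosen uid
    appears only if the optional Signer's User ID subpacket (28) is added."""
    hashed = subpacket(2, struct.pack(">I", created))   # creation time
    hashed += subpacket(33, b"\x04" + FPR)              # issuer fingerprint
    if signer_uid is not None:
        hashed += subpacket(28, signer_uid.encode())    # signer's user ID
    unhashed = subpacket(16, KEYID)                     # issuer key ID
    body = (b"\x04\x00\x16\x08"                         # v4, type 0, EdDSA, SHA-256
            + struct.pack(">H", len(hashed)) + hashed
            + struct.pack(">H", len(unhashed)) + unhashed
            + b"\xab\xcd"                               # left 16 bits of hash
            + struct.pack(">H", 8) + b"\xff")           # dummy 8-bit MPI
    return bytes([0xC2, len(body)]) + body              # new-format header

def parse_subpackets(data):
    """Decode subpackets into {type: body}; 1-octet lengths (< 192) only."""
    out, i = {}, 0
    while i < len(data):
        length = data[i]
        if length >= 192:
            raise ValueError("multi-octet subpacket length not handled here")
        out[data[i + 1]] = data[i + 2:i + 1 + length]
        i += 1 + length
    return out

def parse_signature(pkt):
    """Return what a verifier can learn about the signer from the packet."""
    if pkt[0] != 0xC2 or pkt[1] >= 192 or pkt[2] != 4:
        raise ValueError("expected a short new-format v4 signature packet")
    body = pkt[2:2 + pkt[1]]
    hlen = struct.unpack(">H", body[4:6])[0]
    ulen = struct.unpack(">H", body[6 + hlen:8 + hlen])[0]
    sps = {**parse_subpackets(body[8 + hlen:8 + hlen + ulen]),  # unhashed
           **parse_subpackets(body[6:6 + hlen])}                # hashed wins
    return {"issuer_keyid": sps[16].hex().upper(),
            "issuer_fpr": sps[33][1:].hex().upper(),
            "created": struct.unpack(">I", sps[2])[0],
            "signer_uid": sps[28].decode() if 28 in sps else None}
```

With no Signer's User ID subpacket the parsed result names only the key, so a mail client has nothing but the key's primary uid to display; separate keys, not extra uids or subkeys, are what keep the personas uncorrelated.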
