new keys vs. sub-keys vs. uids

David Shaw dshaw at jabberwocky.com
Sat May 3 04:28:12 CEST 2014


On May 2, 2014, at 9:08 PM, gnupg at tim.thechases.com wrote:

> So I guess I'm looking for
> 
> 1) something that doesn't leak identities across signatures
> 2) a single passphrase to manage the multiple identities
> 3) can be identified by the signing email address (Claws seems to
> make this easy for choosing the signing key)
> 
> Is there a way I'm missing to go about keeping these separate without
> the overhead of new keys for each persona?

Briefly, no.  The signature is issued from the key, not by a particular identity using that key.  There is an optional feature in OpenPGP to say "I meant that signature to come from *this* user ID", but that doesn't really solve your problem either - it doesn't hide the fact that there are other identities or what those identities are, but rather indicates the one (of several) that you're using at the moment.  In any event, GPG doesn't support that feature (neither does PGP).

If you have a key with multiple user IDs, anyone looking at that key can see all of those identities.  The standard method for doing what you are trying to do is to have two separate keys.

David
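
Added example (not part of the message above, and not GnuPG code): a check of which other user IDs a verifier sees on the key that carries a given signing address. It assumes input in the format of `gpg --list-keys --with-colons`; the sample listing, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in `gpg --list-keys --with-colons` format (all values made up).
SAMPLE = """\
pub:u:4096:1:AAAAAAAAAAAAAAAA:1398988800:::u:::scESC:
fpr:::::::::000000000000000000000000AAAAAAAAAAAAAAAA:
uid:u::::1398988800::HASH1::Tim Work <tim@work.example>:
uid:u::::1398988800::HASH2::Anon Persona <persona@anon.example>:
sub:u:4096:1:BBBBBBBBBBBBBBBB:1398988800::::::e:
pub:u:4096:1:CCCCCCCCCCCCCCCC:1398988800:::u:::scESC:
fpr:::::::::000000000000000000000000CCCCCCCCCCCCCCCC:
uid:u::::1398988800::HASH3::Hobby\\x3a Tim <tim@hobby.example>:
"""

def unescape(field):
    # The colon format escapes ':' and similar bytes in user IDs as \xNN.
    return re.sub(r"\\x([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), field)

def uids_by_key(listing):
    """Map each primary key (fingerprint, or key ID if no fpr record) to its user IDs."""
    keys = defaultdict(list)
    primary, want_fpr = None, False
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sec"):
            primary, want_fpr = f[4], True       # key ID until the fpr record arrives
        elif f[0] in ("sub", "ssb"):
            want_fpr = False                     # a following fpr belongs to the subkey
        elif f[0] == "fpr" and want_fpr:
            primary, want_fpr = f[9], False
        elif f[0] == "uid" and primary:
            # Revoked user IDs are kept too: they remain visible on the key.
            keys[primary].append(unescape(f[9]))
    return dict(keys)

def exposed_with(listing, email):
    """Other user IDs visible on every key that carries `email`."""
    tag = f"<{email}>"
    return {fpr: [u for u in uids if tag not in u]
            for fpr, uids in uids_by_key(listing).items()
            if any(tag in u for u in uids)}

if __name__ == "__main__":
    for addr in ("tim@work.example", "tim@hobby.example"):
        for fpr, others in exposed_with(SAMPLE, addr).items():
            print(addr, "->", fpr[-16:], "also shows:", others or "nothing else")
```
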



