Multiple GPG public keys with one private keys
2014-667rhzu3dc-lists-groups at riseup.net
Sun Aug 30 14:59:59 CEST 2015
-----BEGIN PGP SIGNED MESSAGE-----
On Friday 28 August 2015 at 3:02:44 PM, in
<mid:CAE-c3me=SVzwxmzy-f9Fno5ujNOLMO+etYLEJE2GVLxHZ2fAPg at mail.gmail.com>,
Dionysis Zindros wrote:
> You can have multiple public/private key pairs for your
> public identities. Then you can maintain a secret
> public/private key pair that links your identities
> together. Encrypt the private keys of your public
> identities with the public key of your secret identity
> and publish them. Then all you need to decrypt any
> message sent to the public key of any of your public
> identities is the private key of your secret identity.
> Simply use your secret identity private key to decrypt
> the secret key of your public identity (which is a
> published encrypted message) and subsequently use that
> private key to decrypt the message that was
> communicated to you.
Interesting use of "simply". That procedure sounds far more
complicated than storing your various secret keys on your keyring and
having GnuPG use them in the normal way. I'm not sure what you gain in
return for the increased complexity.
> Finally, mathematically, in the bitcoin world, we've
> seen hierarchical deterministic keys. I see no reason
> why they could not be adopted in GPG also,
I did a quick search for "hierarchical deterministic keys" and found
Which tells me that if the parent public key is published and one of
the child secret keys is leaked, the parent secret key can be
calculated. So the parent key and all possible child keys are
compromised by the compromise of just one child secret key.
MFPA <mailto:2014-667rhzu3dc-lists-groups at riseup.net>
Don't learn safety rules by accident...
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
More information about the Gnupg-users