Unattended signing

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Feb 24 23:16:20 CET 2015


On Mon 2015-02-23 19:36:25 -0500, Daniele Nicolodi wrote:
> On 21/02/15 20:11, Daniel Kahn Gillmor wrote:
>> Using a subkey is a reasonable approach, and rotating (and destroying)
>> the secret key of the rotated subkey is not a bad idea.
>
> What do you exactly mean by "destroying"? Isn't setting a suitable
> expire date enough?

If your subkey is used for signing, and the subkey is expired, then you
know that you will never want to make signatures with that key again.

That is, only a malicious person who manages to compromise that key
material can make signatures with it.  So why are you keeping it around?
Setting a suitable expiry date *should* be enough, but destroying it is
safer, and you have no need to keep the secret part of that key.

           --dkg
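As an added example (not part of dkg's message or of GnuPG itself), a check for the situation he describes: expired signing subkeys whose secret material is still sitting in the keyring. It assumes the colon-format field layout documented in GnuPG's doc/DETAILS and runs on a constructed listing embedded below.

```shell
#!/bin/sh
# Reads `gpg --with-colons --list-secret-keys` output on stdin and prints the
# key IDs of expired *signing* subkeys whose secret material is still present,
# i.e. the keys dkg argues have no legitimate use left and should be destroyed.
# Colon-format fields (GnuPG doc/DETAILS, assumed here): field 2 validity
# ('e' = expired), field 5 key ID, field 12 capabilities ('s' = sign),
# field 15 '#' when only a stub remains and the secret part is gone.
lingering_expired_signing_subkeys() {
    awk -F: '
        $1 == "ssb" && $2 == "e" && index($12, "s") > 0 && $15 != "#" { print $5 }
    '
}

# Constructed sample listing (not real keys): one expired signing subkey with
# secret material present, one still valid, one expired but already a stub,
# and one expired encryption subkey (kept so old ciphertext stays readable).
SAMPLE_LISTING='sec:u:4096:1:0123456789ABCDEF:1420070400:::u:::scESC::::::23::0:
uid:u::::1420070400::0000000000000000000000000000000000000000::Example User <user@example.org>::::::::::0:
ssb:e:2048:1:1111111111111111:1420070400:1451606400:::::s::::::23:
ssb:u:2048:1:2222222222222222:1451606400:1483228800:::::s::::::23:
ssb:e:2048:1:3333333333333333:1388534400:1420070400:::::s:::#:::23:
ssb:e:2048:1:4444444444444444:1420070400:1451606400:::::e::::::23:'

# Runs the check on the constructed sample. On a real system pipe the live
# listing instead:  gpg --with-colons --list-secret-keys | lingering_expired_signing_subkeys
check_sample() {
    printf '%s\n' "$SAMPLE_LISTING" | lingering_expired_signing_subkeys
}

check_sample   # prints 1111111111111111
```

Any key ID it prints is a subkey that can only ever be used by someone who has stolen it, which is exactly the case for deleting its secret part rather than relying on the expiry date alone.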
