Optimal setup for corporate keys

flapflap flapflap at riseup.net
Sun Jul 19 19:01:37 CEST 2015

Greg Sabino Mullane:
>> We exchange sensitive files with multiple corporate partners and would like
>> to set our keys up so that a single private key compromise does not require
>> generating new keys for all partners.
>> 1) Should we generate separate pub / priv key pairs for all partners?
> Yes. It's best to keep everyone as separated as possible.

Probably, it is a non-issue in this specific case (you already know the
files you send to your partners), but in general one (here: your
partners) should not use secret keys generated by others because they
are not /secret/ to oneself anymore.

Simply let your partners generate their pub/sec key pairs and then
exchange them.

More information about the Gnupg-users mailing list