Optimal setup for corporate keys

Marko Božiković bozho at kset.org
Mon Jul 20 10:49:18 CEST 2015

On 18/07/2015 17:58, F Rafi wrote:
> We exchange sensitive files with multiple corporate partners and would like to
> set our keys up so that a single private key compromise does not require
> generating new keys for all partners.
> 1) Should we generate separate pub / priv key pairs for all partners?
> 2) Generate a single pub / priv key for signing and multiple sub-keys for
> encryption?

To add one more thing: if you wish to add comments to your partner keys in
order to distinguish them easily, take a look at notations before generating
keys as notations are the only way to add 'comments' to your subkeys and you
have to specify them when generating a key (at least I haven't found a way to
add them afterwards)


More information about the Gnupg-users mailing list