best practices for creating keys

Tue Nov 17 13:32:03 CET 2015

All,

I'm just dipping my toes into GPG and am making a significant effort
to "do things right" out of the gate.

Based on my research, it is my understanding that "best practices"
dictate we should have one master key with subkeys for specific
purposes (personal work, "work" work, etc.). The master key is kept on
an "offline" computer and then used only to revoke particular subkeys
if needed.

Is this accurate?

Below is an article that seems to discuss precisely this subject. It's
a bit dated (2013), so am looking for clarification on whether or not
this is the _best_ way to deal with GPG, key pairs, etc.

https://alexcabal.com/creating-the-perfect-gpg-keypair/

I've seen a few other StackOverflow questions about this matter and
they all seem to recommend the same thing: create one master key, a
subkey (or more than one) and use those instead of the master key for
signing as needed.

I'm particularly confused regarding the lexicon used in the article
above, mostly because of my ignorance (as the article is rather
clearly written). The author indicates that:

- we create a keypair
- added signing subkey
- exported complete keypair _to TWO files_ (along with a revocation certificate)
- removed original signing subkey and stash that away safely (in a
safe, offline)

My questions (and please forgive my ignorance):
(a) when you create a the original keypair and export, it exports to
_two_ files; how then, after adding another signing subkey, does the
export also result in two files? Are both signing subkey keys
(original and additional) embedded in your private key when exported?

(b) is this all really necessary? Aren't your private keys, when
secured via a password, encrypted via AES256? If you have a super
secure password / passphrase, is this all really necessary?

(b2) can someone please explain what sort of situation would be
necessary for a private key that's been secured via a password is
actually compromised? Are we talking about keyloggers, etc. here?
Brute force? etc.

(c) if your "laptop keypair" (terminology from article above) is
compromised, data encrypted against that subkey will be compromised as
well, correct? The only benefit to creating subkeys is that you can
then revoke the subkey using your original signing key and let the
world know that you're still "in control" of your identity, correct?

(d) let's say you've used the laptop keypair to encrypt a wide swath
of data (emails, actual files, etc.). If you revoke the laptop subkey
because it's been compromised, can you still use that compromised
keypair to _decrypt_ the data, or is it lost forever?

Any thoughts / clarification appreciated.

James