Advice on key set-up for work at employer

Andrew Gallagher andrewg at
Thu Aug 4 09:33:00 CEST 2016

On 4 Aug 2016, at 01:37, taltman <taltman at> wrote:

> 1. Create a new GPG keyring specific for my identity with my employer
> 2. Cross-sign my existing personal GPG key with the employer-specific
> GPG key
> 3. Do proper key hygiene things (backups, revocation certs, etc.) on
> employer-specific key
> It seems with this set-up I can simply just turn over the password to
> the private key of the employer-specific GPG keyring if I'm ever
> obligated to give them access to their files. This keeps a nice clean
> separation between their property, and my personal GPG keyring. When it
> comes time to end my time at the employer, I can revoke the
> employer-specific key. If I no longer am able to use the
> employer-specific GPG keyring, I can at least revoke my signature of the
> employer-specific keyring if my former employer gains the password to
> the keyring.

Yes, this is the textbook case for having a separate primary key for a particular identity. I have implemented this myself. 
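The three quoted steps as a shell sketch, added here as an illustration and not part of the original thread. It assumes GnuPG 2.2 or later; the user IDs, directory layout and function names are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the thread. User IDs and paths are constructed.
# Keys get an empty passphrase only so the demo runs unattended.
set -eu

# Run gpg against one specific home directory (one keyring per identity).
g() { h=$1; shift
  gpg --homedir "$h" --batch --quiet --pinentry-mode loopback --passphrase '' "$@"; }

# Step 1: new primary key in its own homedir; prints the fingerprint.
new_identity() {  # $1 = homedir, $2 = user ID
  g "$1" --quick-generate-key "$2" default default 1y >/dev/null
  g "$1" --with-colons --list-keys "$2" | awk -F: '$1 == "fpr" { print $10; exit }'
}

# Step 2 (one direction): the key in homedir $1 certifies key $3 from homedir $2.
certify() {  # $1 = signer homedir, $2 = subject homedir, $3 = subject fingerprint
  g "$2" --export "$3" | g "$1" --import
  g "$1" --yes --quick-sign-key "$3"
}

# True if homedir $1 holds a verified certification on key $2 made by key $3.
has_cert_from() {
  g "$1" --with-colons --check-sigs "$2" | awk -F: -v f="$3" \
    '$1 == "sig" && $2 ~ /^!/ && $5 == substr(f, length(f) - 15) { ok = 1 } END { exit !ok }'
}

# Step 3: secret-key backup; GnuPG 2.1+ already wrote the revocation certificate.
backup() {  # $1 = homedir, $2 = fingerprint, $3 = output file
  g "$1" --armor --export-secret-keys "$2" > "$3"
  echo "$1/openpgp-revocs.d/$2.rev"
}

demo() {
  BASE=$(mktemp -d); HOME_P=$BASE/personal; HOME_W=$BASE/work
  mkdir -m 700 "$HOME_P" "$HOME_W"
  FPR_P=$(new_identity "$HOME_P" 'Alice Example <alice@home.example>')
  FPR_W=$(new_identity "$HOME_W" 'Alice Example <alice@employer.example>')
  certify "$HOME_P" "$HOME_W" "$FPR_W"      # personal key signs the work key
  certify "$HOME_W" "$HOME_P" "$FPR_P"      # work key signs the personal key
  REV_W=$(backup "$HOME_W" "$FPR_W" "$BASE/work-secret.asc")
}
```

Calling `demo` builds both keyrings under a temporary directory. Because the work secret key exists only in the work home directory, handing over that directory's passphrase exposes nothing from the personal keyring.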


