Signing statement with master key?

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Aug 9 01:53:06 CEST 2016


On Mon 2016-08-08 18:29:02 -0400, Cannon wrote:
> This is a hypothetical scenario.
> Lets say if I have a keypair.
> The master key is set to SC (signing and certification) which are the
> default settings. The master key pair is only used on airgap with safe
> data transfer between airgap and network connected computer.
> Is it safe and possible to use the master key (not subkeys) to sign a
> statement?

yes, it is certainly possible.  I'm not sure what you mean "is it safe"
-- safe against what?

It's certainly no less safe than the common/default mode of operation,
where the primary key is not airgapped, and there is no separate
signing-capable subkey.  This is a sensible and well-supported use case.

    --dkg



More information about the Gnupg-users mailing list