Andrew Gallagher andrewg at andrewg.com
Wed Mar 23 16:35:46 CET 2016

> On 23 Mar 2016, at 07:27, Dashamir Hoxha <dashohoxha at gmail.com> wrote:
> Is it OK to have a signing primary key? Is it useful?

A signing primary key is fine. I prefer making single-use subkeys for each of A,E,S but only the E subkey is strictly necessary. You can always generate the A,S subkeys later if you find you need them (e.g. if you buy a smartcard), and since you can always enforce use of your A,S subkeys (unlike E, where it's out of your hands) this shouldn't cause you any issues if you change your mind. 

If you are aiming your tool at beginners then single-use subkeys are probably overkill, so the GPG defaults are fine. In general, you should stick to the default behaviour unless you can justify doing otherwise. 


More information about the Gnupg-users mailing list