some beginner questions

Faramir faramir.cl at gmail.com
Wed Apr 5 00:23:02 CEST 2017


On 02-04-2017 at 20:23, Will Senn wrote:
...
>> In short, the main key acts as a level of indirection, which
>> separates your identity from your encryption/signing keys.
> Sounds like what I was led to believe to be the case, but at the
> end of the day, I don't seem to be able to sign anything with the
> signing subkey if the master key is not present (with sec instead
> of sec#). Do you know how I get it to use the subkey (the manual
> says it will default to a signing subkey, but that's not my
> experience).

  I keep my whole key (main and subkeys) in an encrypted container,
and use only the subkeys on a daily basis (one for signing and one for
encryption). The idea was that I could carry gpg on a pendrive and if
the pendrive is lost, I could revoke the subkeys and not lose the
signatures on the main key. It worked on gpg 1.4.x and it works for me
on GPG4Win; the only things I can't sign are other keys (unless I
mount my whole key).

  Now, if my computer gets infected by a key-stealing virus and I
don't notice it before mounting my whole key, I'm toasted anyway. But
at least I have a chance to get a warning, and I also can read my
encrypted emails on my laptop without worrying about the keys in case
I lose the laptop.

   Best Regards

P.S: about orphan keys, I've set my keys to expire in 2 years, so if I
lose the private keys, they won't haunt me forever. I just need to
remember to change the expiration date from time to time.


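Added example (not part of the original message): a Python check over `gpg --list-secret-keys --with-colons` output that reports whether the primary secret key is absent (the `sec#` case discussed above), which subkeys are usable, and which keys have no expiration date. The sample listing and key IDs are constructed, and epoch-second timestamps in the listing are assumed.

```python
import time

# Constructed sample of `gpg --list-secret-keys --with-colons` output.
# Field 15 of a sec/ssb record is "#" when only a stub of the secret key
# is present (listed as "sec#"), and "+" when the secret part is available.
SAMPLE = """\
sec:u:4096:1:AAAAAAAAAAAAAAAA:1491000000:1554072000::u:::scESC:::#:
uid:u::::1491000000::0000::Example User <user@example.org>:
ssb:u:2048:1:BBBBBBBBBBBBBBBB:1491000000:1554072000:::::s:::+:
ssb:u:2048:1:CCCCCCCCCCCCCCCC:1491000000::::::e:::+:
"""


def audit(listing, now=None):
    """Summarise which secret keys are present and how they expire."""
    now = time.time() if now is None else now
    report = {"primary_offline": None, "usable": [], "no_expiry": [], "expired": []}
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] not in ("sec", "ssb") or len(f) < 15:
            continue  # skip uid/fpr/grp records and truncated lines
        keyid, expires, caps, token = f[4], f[6], f[11], f[14]
        if f[0] == "sec":
            # True means the primary secret key is not on this machine.
            report["primary_offline"] = token == "#"
        expired = bool(expires) and int(expires) <= now
        if not expires:
            report["no_expiry"].append(keyid)
        if expired:
            report["expired"].append(keyid)
        # A subkey is usable here if its secret part is present and not expired.
        if f[0] == "ssb" and token != "#" and not expired:
            report["usable"].append((keyid, caps))
    return report


if __name__ == "__main__":
    print(audit(SAMPLE))
```
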

