some beginner questions

Faramir at
Wed Apr 5 00:23:02 CEST 2017


On 02-04-2017 at 20:23, Will Senn wrote:
>> In short, the main key acts as a level of indirection, which
>> separates your identity from your encryption/signing keys.
> Sounds like what I was led to believe to be the case, but at the
> end of the day, I don't seem to be able to sign anything with the
> signing subkey if the master key is not present (with sec instead
> of sec#). Do you know how I get it to use the subkey (the manual
> says it will default to a signing subkey, but that's not my
> experience).

  I keep my whole key (main and subkeys) in an encrypted container,
and use only the subkeys on a daily basis (one for signing and one for
encryption). The idea was that I could carry gpg on a pendrive and, if
the pendrive is lost, I could revoke the subkeys and not lose the
signatures on the main key. It worked on gpg 1.4.x and it works for me
on GPG4Win; the only things I can't sign are other keys (unless I
mount my whole key).

  Now, if my computer gets infected by a key-stealing virus and I
don't notice it before mounting my whole key, I'm toasted anyway. But
at least I have a chance to get a warning, and I also can read my
encrypted emails on my laptop without worrying about the keys in case
I lose the laptop.

   Best Regards

P.S: about orphan keys, I've set my keys to expire in 2 years, so if I
lose the private keys, they won't haunt me forever. I just need to
remember to change the expiration date from time to time.
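
The setup discussed in this message (main key kept offline and shown as `sec#`, subkeys for daily signing and encryption, expiry dates set) can be checked from the machine-readable output of `gpg --list-secret-keys --with-colons`. The script below is an added example, not part of the original message; the sample listing is constructed, and the function names `parse_secret_keys` and `audit` are hypothetical.

```python
import time

# Constructed sample of `gpg --list-secret-keys --with-colons` output
# (key IDs and timestamps are made up). Field 15 is "#" when only a stub
# of the secret key is present, which the normal listing shows as "sec#".
SAMPLE = """\
sec:u:4096:1:AAAAAAAAAAAAAAAA:1491000000:1554072000::u:::scESC:::#:
uid:u::::1491000000::0000000000000000000000000000000000000000::Example User <user@example.org>:
ssb:u:2048:1:BBBBBBBBBBBBBBBB:1491000000:1554072000:::::s:::+:
ssb:u:2048:1:CCCCCCCCCCCCCCCC:1491000000::::::e:::+:
"""

def parse_secret_keys(listing):
    """Extract the fields relevant to an offline-main-key setup."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] in ("sec", "ssb") and len(f) >= 15:
            keys.append({
                "primary": f[0] == "sec",
                "keyid": f[4],
                # Assumes epoch-second timestamps; an empty field means no expiry.
                "expires": int(f[6]) if f[6].isdigit() else None,
                "caps": f[11],            # lowercase letters: s=sign, e=encrypt
                "stub": f[14] == "#",     # secret material not on this machine
            })
    return keys

def audit(listing, now=None):
    """Return findings for a keyring that should hold subkeys only."""
    now = int(time.time()) if now is None else now
    keys = parse_secret_keys(listing)
    findings = []
    def usable(k, cap):
        live = k["expires"] is None or k["expires"] > now
        return not k["primary"] and cap in k["caps"] and not k["stub"] and live
    for k in keys:
        if k["primary"] and not k["stub"]:
            findings.append(f"{k['keyid']}: main secret key is present on this machine")
        if k["expires"] is None:
            findings.append(f"{k['keyid']}: no expiration date set")
        elif k["expires"] <= now:
            findings.append(f"{k['keyid']}: expired")
    for cap, name in (("s", "signing"), ("e", "encryption")):
        if not any(usable(k, cap) for k in keys):
            findings.append(f"no usable {name} subkey")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, now=1500000000):
        print(finding)
```

A "no usable signing subkey" finding corresponds to the situation in the quoted question, where signing only works once the main key is available.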


