export encryption (subkey) only?

Lou Wynn lewisurn at gmail.com
Mon Jan 2 22:33:33 CET 2017


On 01/02/2017 11:26 AM, Christopher Beck wrote:
>
> Hi Lynn,
>
>
> well, it is possible. There is an option for exporting only subkeys:
>
> gpg --output secret-subkeys --export-secret-subkeys SUBKEYID!
>
> It is important to use the exclamation mark at the end of the subkey-id!
>
> Instead of this: how about a company-key for trust-signing the
> exployees keys? Then, a custumor just hast to set the correct trust
> level to that company-key (okay, might be dangerous and not everybody
> wants to do this, but might be an option).
>


How about this: I use another company encryption key for auditing
purpose only. When employees send emails, they always use this
encryption key as well as the public keys of recipients for encryption.
This way, I don't have to backup employees' encryption keys, and can
even simplify to use a single key for each employee (this might be
arguable, but it's hard for me to convince myself that it's worthwhile
to use separate encryption key in this case). But I'm not sure if I need
to customize some PGP implementation in order to do so.

-- 
Thanks,
Lou

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20170102/0506742b/attachment-0001.html>


More information about the Gnupg-users mailing list