'sign (and cert)' or just 'cert' on a master key with subkeus

Gabriel Philippe gabri.philippe at gmail.com
Mon Jul 31 23:11:16 CEST 2017

On Mon, Jul 31, 2017 at 5:28 PM, Andrew Gallagher <andrewg at andrewg.com> wrote:
> There are two enormous holes in this argument:
> 1. If the people you communicate with regularly don't do "gpg
> --refresh-keys" regularly they won't find out whether *anything* has
> *ever* been revoked.

A good practice is to define close expiration dates for keys and
subkeys, and regularly postpone them (or renew subkeys), which is only
possible with the "master" offline key and not with the possibly
compromised subkeys. This forces those people who never refresh keys
to do it, or complain, or for most of them abandon PGP because they
get painful warnings and this stupid thing does not work.

Furthermore, if you start sending messages signed with a new subkey,
people who have not refreshed your key will get error messages,
hopefully refresh the key (or complain or abandon PGP), and get both
the revocation certificates and the new subkeys. Without even having
to understand what happens.

Definitely, having different keys for signing and certifying looks OK to me.

> But so long as your passphrase is good, it
> shouldn't matter whether an attacker has a copy of your encrypted
> privkey

I prefer having an easy to type (and weak) passphrase, and rely on
full disk encryption with a big, big passphrase I only type once in a
while. Am I wrong?

Strange tuto... Using a laptop, caring about security (which is
deduced from the use of PGP), and not considering having the storage
memory encrypted.


More information about the Gnupg-users mailing list