From Masterkey to subkey

Robert J. Hansen rjh at
Tue Mar 7 15:08:39 CET 2017

> Sometimes ago, I generated my master key without following the state of
> the art of the gpg, meaning using an offline master key, and only sign
> and enrypt with subkeys.

Whoever told you this was badly misinformed.  While you *can* do this,
it is by no means a general recommendation.  The only general
recommendation we give is "unless you know what you're doing and why,
stick with the defaults."

You didn't make a mistake.  If you have a need for an offline master key
(if not having one will cause your local security policy to fail), then
by all means do it.  But otherwise, think twice: you're introducing a
lot of additional complexity for not very much benefit.

More information about the Gnupg-users mailing list