From Masterkey to subkey
Robert J. Hansen
rjh at sixdemonbag.org
Tue Mar 7 15:08:39 CET 2017
> Some time ago, I generated my master key without following the state of
> the art of the gpg, meaning using an offline master key, and only sign
> and encrypt with subkeys.

Whoever told you this was badly misinformed. While you *can* do this,
it is by no means a general recommendation. The only general
recommendation we give is "unless you know what you're doing and why,
stick with the defaults."

You didn't make a mistake. If you have a need for an offline master key
(if not having one will cause your local security policy to fail), then
by all means do it. But otherwise, think twice: you're introducing a
lot of additional complexity for not very much benefit.