Why Signing key part of Master key

Michał Górny mgorny at gentoo.org
Sun Feb 24 20:51:14 CET 2019


On Sun, 2019-02-24 at 19:34 +0000, Farhan Khan via Gnupg-users wrote:
> Hi all,
> 
> I am still working on setting up the "perfect" setup. When I created the master, it was [SC]. I
> question, why is the signing key part of the master key? Why not have it be a subkey? Almost
> everywhere I looked, the two were a single key except this site
> (http://openpgpblog.tumblr.com/post/219954494/photos-on-pgp-keys). In my own tests the signing
> functionality worked the same when they the signing key was a subkey versus a part of the master.
> 
> Are there any advantages of disadvantages either way?
> 

Gentoo policy [1] requires split signing subkey.  The main advantage is
that you can then store primary key offline, and not have it exposed
the same way subkeys are.

[1]:https://www.gentoo.org/glep/glep-0063.html

-- 
Best regards,
Michał Górny
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: This is a digitally signed message part
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20190224/4e2f2320/attachment-0001.sig>


More information about the Gnupg-users mailing list