On 10/12/10 2:33 PM, David Shaw wrote:
>
> A good way to look at this is to pick what you want your primary key
> to be. The subkeys don't really matter that much, as the primary is
> the one that gathers signatures, and the one that makes (i.e. signs)
> subkeys. It's the key that establishes "identity" in the web of
> trust. The subkeys matter a lot less as it's trivial to make new
> subkeys whenever you feel the need, using whatever algorithm and
> size is favored at that point.

Very interesting.

> One useful model is to make a large & non-expiring primary key, and
> use it only to make subkeys. Use a subkey for signing data, and a
> (different) subkey for encryption. This has a few advantages, such
> as that you can leave this primary key offline altogether (since you
> only actually need it to make more subkeys). It's hard to
> compromise a key that isn't actually on your computer most of the
> time :)

I think this is probably what I will do for my next key, but how do I specify between the primary key and the signing subkey when signing messages? Is that done with the Sign, Encrypt, Certify and Authenticate capabilities during key creation? I'm happy to do it in expert mode, I just want to be clear on the different options.

Regards,
Ben
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
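Added example, not part of the original thread: the capability flags asked about above can be read back from `gpg --list-keys --with-colons`, and this shell function checks such a listing for the layout David describes (a primary key used only to certify, plus separate signing and encryption subkeys). The function name `audit_key_layout` and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Colon-format fields used here: 1 = record type (pub/sub), 2 = validity,
# 12 = capabilities (c certify, s sign, e encrypt, a authenticate).
# On a "pub" record, lowercase letters are the primary key's own
# capabilities; uppercase letters summarise the whole key and are dropped.

# Constructed listing: certify-only primary with two dedicated subkeys.
SPLIT_KEY='pub:u:4096:1:AAAAAAAAAAAAAAAA:1286900000:::u:::cSE:
uid:u::::1286900000::::Constructed Example (not a real key):
sub:u:2048:1:BBBBBBBBBBBBBBBB:1286900000::::::s:
sub:u:2048:1:CCCCCCCCCCCCCCCC:1286900000::::::e:'

# Constructed listing: primary key that also signs, encryption subkey only.
DEFAULT_KEY='pub:u:2048:1:DDDDDDDDDDDDDDDD:1286900000:::u:::scESC:
sub:u:2048:1:EEEEEEEEEEEEEEEE:1286900000::::::e:'

# Reads a colon-format listing on stdin; exit status 0 means the layout
# matches, 1 means at least one finding was printed.
audit_key_layout() {
    awk -F: '
        $1 == "pub" {
            primary = $12
            gsub(/[A-Z]/, "", primary)      # keep primary-only flags
        }
        $1 == "sub" {
            if ($2 == "r" || $2 == "e") next   # revoked or expired subkey
            if ($12 ~ /s/) sign++
            if ($12 ~ /e/) encr++
        }
        END {
            bad = 0
            if (primary != "c") {
                print "primary key capabilities are \"" primary "\", expected certify-only (c)"
                bad = 1
            }
            if (!sign) { print "no usable signing subkey"; bad = 1 }
            if (!encr) { print "no usable encryption subkey"; bad = 1 }
            if (!bad) print "layout ok: certify-only primary, " sign " signing and " encr " encryption subkey(s)"
            exit bad
        }'
}

printf '%s\n' "$SPLIT_KEY" | audit_key_layout
printf '%s\n' "$DEFAULT_KEY" | audit_key_layout || true
```

To check a real key, pipe `gpg --list-keys --with-colons KEYID` into `audit_key_layout`.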