Hi,

* patric...@lavabit.com <patric...@lavabit.com> [110502 16:50, 
  mID <7206.205.174.22.25.1304347651.squir...@lavabit.com>]:

> Hi,
> 
> I have a question on key management and was looking for some feedback.  My
> issue is that I like the idea of having a Master signing key with no
> expiration date and I want to store this key offline without the
> inconvenience of using an offline computer every time I'd like to send a
> signed/encrypted message.
> 
> My idea is to create a master signing key on an offline
> computer (persistent live USB).  Then create two subkeys that have regular
> expiration dates.  One encryption key and one additional "daily-use"
> signing key.  I would post my master key in my signature and use it to
> sign the subkeys.  When sending mail I would use my daily use key to sign
> my messages.  I would only access and use my master key when it is
> necessary to sign other keys and update my subkeys. Would this create any
> problems for those reading and verifying my emails?  Would it be necessary
> to link to my key policy in my mail, or would it be seamless that my sub
> signing key is valid because it is signed by the master?

If you follow the steps of the howto at [1] without using a smartcard
(i.e. you don't move the subkeys to an OpenPGP card, but keep them in the
keyring), this should work without problems. You can then sign and
decrypt files with the subkeys (if you do it right, people will encrypt
messages to the correct subkey *only*).

[1] http://wiki.fsfe.org/Card_howtos/Card_with_subkeys_using_backups

HTH

Martin
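The layout discussed in this thread (a certify-only primary key whose secret part stays offline, plus signing and encryption subkeys with regular expiration dates in the daily keyring) can be checked against gpg's machine-readable listing. The Python below is an added example, not code from the thread, from the linked howto or from GnuPG itself; it parses the colon-separated output of `gpg --batch --with-colons --list-secret-keys` (field positions as documented in GnuPG's doc/DETAILS) and reports deviations. The two listings embedded in it are constructed samples with made-up key ids, dates and user id, not captured from a real keyring.

```python
"""Check that a GnuPG keyring matches the layout discussed above:
a certify-only primary key whose secret part is kept offline, plus
expiring signing and encryption subkeys for daily use.

Input is the machine-readable output of
    gpg --batch --with-colons --list-secret-keys
Field positions follow doc/DETAILS in the GnuPG source tree.
"""
from __future__ import annotations

import os
import subprocess
from dataclasses import dataclass


@dataclass
class KeyRecord:
    kind: str       # "sec"/"pub" for the primary, "ssb"/"sub" for subkeys
    keyid: str      # field 5
    expires: str    # field 7; empty string means "never expires"
    own_caps: str   # lowercase letters of field 12: this key's own capabilities
    stub: bool      # field 15 is "#": the secret part is not in this keyring


def parse_colon_listing(text: str) -> list[KeyRecord]:
    """Pull the key records out of a --with-colons listing, ignoring uid/fpr/tru lines."""
    records: list[KeyRecord] = []
    for line in text.splitlines():
        fields = line.split(":")
        if fields[0] not in ("sec", "ssb", "pub", "sub"):
            continue
        fields += [""] * (20 - len(fields))  # tolerate short records
        records.append(KeyRecord(
            kind=fields[0],
            keyid=fields[4],
            expires=fields[6],
            # uppercase letters on the primary summarise the whole key; drop them
            own_caps="".join(c for c in fields[11] if c.islower()),
            stub=fields[14] == "#",
        ))
    return records


def audit_layout(records: list[KeyRecord]) -> list[str]:
    """Return the deviations from the offline-primary / expiring-subkey layout."""
    findings: list[str] = []
    primaries = [r for r in records if r.kind in ("sec", "pub")]
    subkeys = [r for r in records if r.kind in ("ssb", "sub")]
    if len(primaries) != 1:
        return [f"expected exactly one primary key, found {len(primaries)}"]
    primary = primaries[0]
    if primary.own_caps != "c":
        findings.append(f"primary {primary.keyid} has capabilities '{primary.own_caps}', "
                        "expected certify-only 'c'")
    if primary.expires:
        findings.append(f"primary {primary.keyid} has an expiration date; the thread wants none")
    if primary.kind == "sec" and not primary.stub:
        findings.append(f"primary {primary.keyid} secret key is present; "
                        "expected an offline stub ('#')")
    if not any("s" in r.own_caps for r in subkeys):
        findings.append("no signing subkey: daily signatures would need the primary key")
    if not any("e" in r.own_caps for r in subkeys):
        findings.append("no encryption subkey: correspondents have nothing to encrypt to")
    for sub in subkeys:
        if not sub.expires:
            findings.append(f"subkey {sub.keyid} never expires; give it a regular expiration date")
        if sub.kind == "ssb" and sub.stub:
            findings.append(f"subkey {sub.keyid} secret part missing; daily use needs it here")
    return findings


def run_gpg_listing(gnupghome: str | None = None) -> str:
    """Fetch a live listing from the local gpg installation (not used by the samples below)."""
    env = dict(os.environ)
    if gnupghome:
        env["GNUPGHOME"] = gnupghome
    return subprocess.run(["gpg", "--batch", "--with-colons", "--list-secret-keys"],
                          capture_output=True, text=True, check=True, env=env).stdout


# Constructed sample: the intended layout once only the subkeys live in the daily keyring.
GOOD_LISTING = """\
sec:u:255:22:0123456789ABCDEF:1600000000:::u:::cESC:::#::ed25519:::0:
fpr:::::::::ABCDEF0123456789ABCDEF0123456789ABCDEF01:
uid:u::::1600000000::0000000000000000000000000000000000000000::Sample User (constructed) <user@example.org>::::::::::0:
ssb:u:255:22:FEDCBA9876543210:1600000000:1631536000:::::s:::::ed25519::
ssb:u:255:18:1122334455667788:1600000000:1631536000:::::e:::::cv25519::
"""

# Constructed sample: a default keypair, primary still present and signing-capable,
# only an encryption subkey, and that subkey never expires.
BAD_LISTING = """\
sec:u:255:22:0123456789ABCDEF:1600000000:::u:::scESC:::::ed25519:::0:
fpr:::::::::ABCDEF0123456789ABCDEF0123456789ABCDEF01:
uid:u::::1600000000::0000000000000000000000000000000000000000::Sample User (constructed) <user@example.org>::::::::::0:
ssb:u:255:18:1122334455667788:1600000000::::::e:::::cv25519::
"""


def audit_text(text: str) -> list[str]:
    """Convenience wrapper: audit a listing given as text."""
    return audit_layout(parse_colon_listing(text))


if __name__ == "__main__":
    for label, listing in (("good", GOOD_LISTING), ("bad", BAD_LISTING)):
        print(f"{label}: {audit_text(listing) or ['layout matches']}")
```

To audit a real keyring, pass `run_gpg_listing()` to `audit_text()` on the daily-use machine; the primary should show up as a stub (`#` in field 15) there, which is exactly what exporting and re-importing only the subkeys, as the howto does, produces.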


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
