On May 2, 2011, at 10:47 AM, patric...@lavabit.com wrote:

> Hi,
>
> I have a question on key management and was looking for some feedback. My
> issue is that I like the idea of having a master signing key with no
> expiration date, and I want to store this key offline without the
> inconvenience of using an offline computer every time I'd like to send a
> signed/encrypted message.
>
> My idea is to create a master signing key on an offline
> computer (persistent live USB). Then create two subkeys that have regular
> expiration dates: one encryption key and one additional "daily-use"
> signing key. I would post my master key in my signature and use it to
> sign the subkeys. When sending mail I would use my daily-use key to sign
> my messages. I would only access and use my master key when it is
> necessary to sign other keys and update my subkeys. Would this create any
> problems for those reading and verifying my emails?

No problems unless your correspondent is using a very old version of PGP that doesn't properly handle subkeys. I wouldn't worry about that too much in 2011.

> Would it be necessary
> to link to my key policy in my mail, or would it be seamless that my sub
> signing key is valid because it is signed by the master?

It should be seamless. This is a reasonably common thing to do. I do it myself, in fact.

There is/was a HOWTO document for this method of handling keys written at one point. I can't seem to find the link at the moment, but if someone has it handy, please do post it.

David

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
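A way to check that a key really has the layout discussed in this thread (a primary key with no expiration date, plus time-limited signing and encryption subkeys), as an added example that is not part of the original mail or of GnuPG itself: it parses the machine-readable output of `gpg --list-keys --with-colons`. The listing embedded below is constructed sample output with placeholder key IDs, not a real key.

```python
from typing import NamedTuple, Optional

class Key(NamedTuple):
    kind: str               # "pub" (primary key) or "sub" (subkey)
    keyid: str
    expires: Optional[int]  # seconds since the epoch, None if it never expires
    caps: str               # own capabilities: c=certify, s=sign, e=encrypt, a=auth

# Constructed sample of `gpg --list-keys --with-colons` output with placeholder
# key IDs: a primary key with no expiry plus signing ("s") and encryption ("e")
# subkeys that expire one year after creation, as the thread proposes.
SAMPLE_LISTING = """\
pub:u:2048:1:0123456789ABCDEF:1304330000:::u:::scESC::::::23::0:
uid:u::::1304330000::0000000000000000000000000000000000000000::Example User <user@example.invalid>::::::::::0:
sub:u:2048:1:FEDCBA9876543210:1304330000:1335952400:::::s::::::23:
sub:u:2048:1:1122334455667788:1304330000:1335952400:::::e::::::23:
"""

def parse_listing(text: str) -> list:
    """Extract primary-key and subkey records from colon-delimited gpg output."""
    keys = []
    for line in text.splitlines():
        f = line.split(":")
        if f[0] not in ("pub", "sub"):
            continue
        # 1-based fields per GnuPG's doc/DETAILS: 5 key ID, 7 expiration time
        # (empty when none), 12 capabilities (lowercase = this key's own).
        expires = int(f[6]) if f[6] else None
        caps = "".join(ch for ch in f[11] if ch.islower())
        keys.append(Key(f[0], f[4], expires, caps))
    return keys

def audit_layout(keys: list) -> list:
    """List deviations from the offline-master layout; an empty list means it matches."""
    primaries = [k for k in keys if k.kind == "pub"]
    subs = [k for k in keys if k.kind == "sub"]
    if len(primaries) != 1:
        return [f"expected exactly one primary key, found {len(primaries)}"]
    problems = []
    if primaries[0].expires is not None:
        problems.append("primary key has an expiration date")
    if "c" not in primaries[0].caps:
        problems.append("primary key cannot certify subkeys")
    problems += [f"subkey {k.keyid} never expires" for k in subs if k.expires is None]
    for cap, role in (("s", "signing"), ("e", "encryption")):
        if not any(cap in k.caps for k in subs):
            problems.append(f"no {role} subkey present")
    return problems
```

To check an actual key, pass the output of `gpg --list-keys --with-colons KEYID` to `parse_listing` instead of the sample.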