Hi all,

I want to introduce encryption to my email accounts and have been hesitating for almost a year to set up the keys/infrastructure because I see some severe problems. Maybe you can tell me your experiences/ideas about the concerns I have...

Situation: I want to set up a GnuPG infrastructure for my (let's say) 20 email accounts.

1. Possible ways to implement it, and my concerns:

(1) I create one key pair for each email account. In case one key gets compromised, the possible damage is limited to one email account. However, as a drawback, I'd have to (a) remember 20 passphrases (with, for example, 20-40 characters each) and (b) type them every time I want to read the emails. This does not seem to be very convenient... (*)

(2) I create one key with several subkeys, one for each email account. If this key gets compromised, I'd have to exchange all keys. This could be a lot of work (for me and others).

(3) I create independent keys (with several subkeys) for groups of email accounts (private/official/work/...).

(4) I create independent keys (without subkeys) and use one key for multiple email accounts.

(*) Additionally, all senders of emails to me would have to choose the right key for the account they send the email to. (related to 3.)

2. Maintenance: Usually, I keep all (important) old emails locally on my hard disk. But how should this be done with encrypted emails, since the private key might get lost or compromised one day? So far, I think it would be necessary to decrypt all emails before archiving and store them (unencrypted) on the encrypted (LUKS etc.) hard disk.

3. Spam/Privacy: In case one has the public key, he/she also has the email address attached to that key. In my opinion, this is not very useful, since it might open the door for lots of spam. Usually, I want to give my public key only to people I know in person, so they'd know my email address either way. Does it create problems to attach a fake email address to the key (e.g. @example.com)? Would I be less trustworthy to other people (that I might not know in person), or do they rely on the network of trust (respectively, the number of people who signed my key, even though there's an obvious fake email inscribed)?

4. Transporting private keys to other computers: Since I read my emails on a laptop and a PC, I need to copy the private key to both computers. This is against the normal intention of a "private key". How is/should this usually be done?

Thanks for suggestions,
--
atair

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
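The following script is an added example that is not part of atair's post; it walks through the layout behind option (2) and question 4 of the post with real gpg commands: one certify-only primary key, separate signing and encryption subkeys, two e-mail addresses as user IDs on that one key, and an export of the secret subkeys only, so the primary key never has to be copied to the laptop. The names, addresses and temporary directories are made up for the demo, the passphrase is empty only so it runs unattended, and it assumes GnuPG 2.2 or newer (for --quick-generate-key, --quick-add-key and --quick-add-uid).

```shell
#!/bin/sh
# Added example, not code from the original post. Demonstrates:
#  - a certify-only primary key ("cert") that stays on the desktop,
#  - signing + encryption subkeys for daily use,
#  - several e-mail addresses (UIDs) on the same key,
#  - --export-secret-subkeys so the laptop gets a primary-key *stub* only.
# All names, addresses and directories below are invented for the demo.
set -eu
export LC_ALL=C   # keep gpg's "sec#" marker and messages in English

# gpg with the options needed to run unattended. An empty passphrase is
# for the demo only; a real setup protects the secret keys with one.
g() {
    _home=$1; shift
    GNUPGHOME=$_home gpg --batch --no-tty --pinentry-mode loopback --passphrase '' "$@"
}

run_demo() {
    desktop=$(mktemp -d)   # holds the primary (certify) key
    laptop=$(mktemp -d)    # receives only the subkeys
    sender=$(mktemp -d)    # a correspondent who has just the public key
    work=$(mktemp -d)      # exported files and the test message
    chmod 700 "$desktop" "$laptop" "$sender"

    # 1. Primary key: usage "cert" only, so it merely certifies UIDs and subkeys.
    g "$desktop" --quick-generate-key "Alice Example <alice@home.example>" ed25519 cert never >/dev/null
    fpr=$(g "$desktop" --with-colons --list-secret-keys | awk -F: '/^fpr:/ {print $10; exit}')

    # 2. Daily subkeys: one for signing, one for encryption, both expiring.
    g "$desktop" --quick-add-key "$fpr" ed25519 sign 1y >/dev/null
    g "$desktop" --quick-add-key "$fpr" cv25519 encr 1y >/dev/null

    # 3. A second e-mail address on the same key (one key, many accounts).
    g "$desktop" --quick-add-uid "$fpr" "Alice Example <alice@work.example>" >/dev/null

    # 4. Exports: the public key for correspondents, the secret *subkeys only*
    #    for the laptop. The primary secret key is not in laptop.asc.
    g "$desktop" --armor --export "$fpr" > "$work/pub.asc"
    g "$desktop" --armor --export-secret-subkeys "$fpr" > "$work/laptop.asc"

    # 5. Laptop: after import the primary key is a stub, shown as "sec#".
    #    It can sign and decrypt mail but cannot certify new UIDs or subkeys.
    g "$laptop" --import "$work/laptop.asc" >/dev/null 2>&1
    if g "$laptop" --list-secret-keys | grep -q '^sec#'; then
        echo stub
    else
        echo full
    fi

    # 6. A sender encrypts to the work address using only the public key.
    g "$sender" --import "$work/pub.asc" >/dev/null 2>&1
    printf 'hello from sender' | g "$sender" --trust-model always \
        --encrypt -r alice@work.example > "$work/msg.gpg"

    # 7. The laptop decrypts with the subkey alone. This is also the
    #    "decrypt before archiving" step: redirect stdout into the archive.
    g "$laptop" --decrypt "$work/msg.gpg" 2>/dev/null

    for h in "$desktop" "$laptop" "$sender"; do
        GNUPGHOME=$h gpgconf --kill all 2>/dev/null || true
    done
    rm -rf "$desktop" "$laptop" "$sender" "$work"
}

# Usage: prints "stub" (laptop has no usable primary key) and the plaintext.
run_demo
```

If the laptop's secret subkey is ever lost or compromised, the desktop's primary key revokes that subkey and certifies a new one; correspondents keep the same fingerprint and only refresh the public key. The decrypted output of step 7 is what the post's maintenance plan stores on the LUKS-encrypted disk, which also means old mail is no longer tied to the lifetime of the encryption subkey.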