On Wed, Jul 24, 2013 at 12:04:40AM +0200, Philipp Klaus Krause wrote:
> On 23.07.2013 23:22, Max Parmer wrote:
> >
> > Sounds like you might want an offline master key with a couple UIDs and
> > several subkeys.
> >
>
> But can I have multiple encryption subkeys, with encryption subkeys
> associated with UIDs? I one subkey per UID only works for signing.
>
> > Also if I didn't trust a system enough to use any secret key on it I
> > probably also would not want to expose decrypted messages to that
> > system, presuming the messages you receive have sensitive/important
> > information in them.
> >
> > Something to consider if you really have cause to not trust that
> > computer might be setting up a dedicated, air-gapped system for
> > encryption/decryption.
>
> I do not trust the computer at university with the secret key used to
> decrypt my private mail. I did set up that computer myself, but we have
> burglars breaking into the offices every few years, many people have
> keys to the office, etc.
>
> Still, I want to be able to read any encrypted mail sent to my
> university addresses on the computer at university. And I want to use
> encryption, since the mails might contain sensitive information, such as
> exams, grades, etc (and the mail servers are maintained by students).

It's called compartmental design. No one compromise destroys all your security.

--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Machines should not be friendly. Machines should be obedient.
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users