Hello I've spent a few hours reading the list archives and would appreciate verification of my understanding or corrections as appropriate.
[Key management] I only need one GPG identity for now. I also use GPG on devices of two classes: "Secure" and "insecure". I would like to take some operational security (OPSEC) precautions to minimize my pain when my insecure devices get compromised. The plan: 1. Create two subkeys: one for signing, one for encrypting. 2. Export the full keyring and keep it somewhere safe (on a few offline systems). 3. Create a "insecure" keyring with the original signing subkey missing (as described in https://alexcabal.com/creating-the-perfect-gpg-keypair/ ) 4. Only use the "insecure" keyring on "insecure" systems. Hope the above is a reasonable generic key management approach. [APG] According to https://grepular.com/Android_Privacy_Guard_and_Subkeys this keyring setup is not usable by APG. Given this, how are people using GPG on Android without exposing their entire keyring? Is creating a completely separate key/identity (sorry not sure what the right term is) currently the only way to maintain some semblance of OPSEC? Alex
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
