Any help/pointers with these queries? Let me know if they don't make sense and I'll attempt to clarify.
On 30 July 2013 22:30, <ix4...@gmail.com> wrote: > Hello > > I've spent a few hours reading the list archives and would appreciate > verification of my understanding or corrections as appropriate. > > [Key management] > > I only need one GPG identity for now. I also use GPG on devices of two > classes: "Secure" and "insecure". I would like to take some operational > security (OPSEC) precautions to minimize my pain when my insecure devices > get compromised. > > The plan: > 1. Create two subkeys: one for signing, one for encrypting. > 2. Export the full keyring and keep it somewhere safe (on a few offline > systems). > 3. Create a "insecure" keyring with the original signing subkey missing > (as described in https://alexcabal.com/creating-the-perfect-gpg-keypair/ ) > 4. Only use the "insecure" keyring on "insecure" systems. > > Hope the above is a reasonable generic key management approach. > > [APG] > > According to https://grepular.com/Android_Privacy_Guard_and_Subkeys this > keyring setup is not usable by APG. > > Given this, how are people using GPG on Android without exposing their > entire keyring? Is creating a completely separate key/identity (sorry not > sure what the right term is) currently the only way to maintain some > semblance of OPSEC? > > Alex >
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
