I attended a small key signing party Saturday after generating a new key with multiple subkeys, with the notion of having email signing keys on less secure systems like my VPS (using mutt) and a separate subkey for each computer or device.
https://wiki.debian.org/subkeys says "The really useful part of subkeys is that they can be revoked independently of the master keys, and also stored separately from them." So I can keep my primary key off the network and use it only for signing other people's keys.

Another sensible precaution is to have different passphrases for each of these subkeys. However, when working with the full key set, when I attempted to change the passphrase for a subkey, it also changed the passphrase for the main key. I'm assuming at this point that when I separate the keys, I can change the passphrase as planned... Is this a bug? Should I file a bug report?

Then I decided I should do some more reading and get a better understanding of subkeys, and of the more recent documentation and blogs I found the following:

http://www.gnupg.org/faq/subkey-cross-certify.en.html
https://alexcabal.com/creating-the-perfect-gpg-keypair/
http://blog.dest-unreach.be/wp-content/uploads/2009/04/pgp-subkeys.html
https://grepular.com/Android_Privacy_Guard_and_Subkeys

OK, the FAQ is the first I heard about subkey cross-certification. Is that info current and correct? What is recommended?

Does anyone have some pointers on personal or organizational Policy and Best Practices documents under a copyright or license terms that allow modification?

Thanks,
Chuck

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users