* on the Sat, Apr 26, 2014 at 10:21:42PM +0000, John Sockwell wrote:

> I'm looking for best practices in creating and managing multiple
> subkeys and uids.
>
> In my scenario, I have a personal computer and personal email address.
> In addition, I have an employer provided computer and employer
> email address.
>
> I'd like to create a key architecture where if I'm ever compelled to
> compromise, revoke, or lose access to the signing and encryption keys
> on my work computer, the security and integrity of my personal files
> are preserved. The easiest solution seems to be generating separate
> primary keys for both identities. However, I believe this would
> undermine the WoT when I move to a new employer by not having all
> signing and encryption keys originating from the same primary key.
>
> Is it possible to assign an encryption and signing sub key to a
> specific uid so I can separate the keys used?

I don't believe that is possible no.

> Is there a better way to achieve this goal through other signing
> techniques?

I solve this problem using an OpenPGP smart card. My PGP key never touches
my work machine, so I never have to worry about it being compromised. When
I left my previous job, I revoked the UID containing the email address
assigned by that company, and then added the new UID for the new company.

-- 
Mike Cardwell  https://grepular.com https://emailprivacytester.com
OpenPGP Key    35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
XMPP OTR Key   8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4
_______________________________________________
Gnupg-users mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
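
The UID rotation described in the reply above (revoke the old employer's UID, add the new one, keep the same primary key), as an added example that is not part of the original message. It assumes GnuPG 2.1 or later and runs against a throwaway keyring; the names, addresses and helper functions are constructed for illustration, and the smart card itself is not modelled.

```shell
#!/bin/sh
# Added example: UID rotation on one primary key, in a throwaway keyring.
# All names and addresses are constructed; assumes GnuPG 2.1 or later.
set -eu

GNUPGHOME=$(mktemp -d); export GNUPGHOME
trap 'gpgconf --kill all 2>/dev/null || true; rm -rf "$GNUPGHOME"' EXIT

PERSONAL='Alice Example <alice@example.org>'
OLD_WORK='Alice Example <alice@oldcorp.example>'
NEW_WORK='Alice Example <alice@newcorp.example>'

# Hypothetical wrapper: non-interactive gpg, empty passphrase (demo only).
gpg_q() { gpg --batch --quiet --pinentry-mode loopback --passphrase '' "$@"; }

# Fingerprint of the primary key that carries exactly the given user ID.
primary_fpr() {
  gpg --batch --with-colons --list-keys "=$1" 2>/dev/null |
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# Exit 0 if user ID $2 on key $1 is revoked (validity field is "r").
uid_is_revoked() {
  gpg --batch --with-colons --list-keys "$1" 2>/dev/null |
    awk -F: -v uid="$2" '$1 == "uid" && $10 == uid { hit = ($2 == "r") }
                         END { exit !hit }'
}

# One primary key with the personal UID, plus the first employer's UID.
gpg_q --quick-generate-key "$PERSONAL" default default 1y
FPR=$(primary_fpr "$PERSONAL")
gpg_q --quick-add-uid "$FPR" "$OLD_WORK"

# Changing employer: revoke the old work UID, then add the new one.
gpg_q --quick-revoke-uid "$FPR" "$OLD_WORK"
gpg_q --quick-add-uid "$FPR" "$NEW_WORK"
FPR_AFTER=$(primary_fpr "$NEW_WORK")

# The primary key, which is what other people certified, is unchanged;
# only the set of user IDs bound to it has moved.
echo "primary key before: $FPR"
echo "primary key after:  $FPR_AFTER"
gpg --batch --with-colons --list-keys "$FPR" | grep '^uid:'
```

The revoked UID stays on the key with validity `r`, so correspondents who refresh the key see that the old work address is no longer claimed.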
