@Kristian @TheFuzzyWhirlpoolThunderstorm @Micha appreciate all the replies. all good insights. i've got a better picture in my head of how to manage my keys now.
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > On 07/08/2014 11:15 AM, The Fuzzy Whirlpool Thunderstorm wrote: >> On Tue, Jul 08, 2014 at 10:54:18AM +0200, Kristian Fiskerstrand >> wrote: >>> Wouldn't necessarily be to _hide_ anything either. I tend to use >>> it as a role-based approach, e.g. I have an own key for my work >>> address (that is barely used at all, but it _is_ available). The >>> primary reason for this is that I have that key located on the >>> company computer which is under the control of the IT department, >>> not me, so wouldn't want to use my own personal keys for that. >> There is no limitation of how many keys can be associated with a >> single mail address. You may generate one key for each computer you >> are using and tell your contacts to encrypt the messages with a >> specified key. > If you are talking about subkeys here, that works nicely for signing > keys, not so much for multiple encryption subkeys. >> For example, on a private subject - you may use the key stored on >> your private computer, so that the sender will ensure that you read >> the encrypted message on your private pc not on your public >> system. >> If privacy isn't absolutely needed, you may use the key stored on >> your public system managed by another administrator. Your key is >> safe, as long as you protect it with an uncrackable passphrase. The >> system administrator may gain access to your private key file, but >> not to your private key usage right. > What is to stop them from installing a keylogger if they wanted to? >> One last thing to remember: if you don't trust the system, don't >> store any private key on it. That's a bit paranoid, but it's better >> to be safe than to trust and regret later. > Thats not paranoid, that is good security management. -- Bill Key fingerprint = DB4D 251B FE8A BDCD 2BE4 E889 13F1 78D0 A386 B32B _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
