The partners will generate their own keys so we can send them files. We're generating separate pub/priv keys for each partner to receive files from them. My question was whether we should generate separate pub/priv keys or generate subkeys under a single signing key. Looks like the consensus is that we should use entirely separate pub/priv keys.
We will have decryption processes on multiple servers. So if one server happens to get compromised, I want to avoid the disruption of reaching out to 40 partners to exchange keys again. We would only reach out to the affected partners with new keys.

Thanks for the input everyone!

Farhan

On Sun, Jul 19, 2015 at 1:01 PM, flapflap <flapf...@riseup.net> wrote:
> Greg Sabino Mullane:
> >> We exchange sensitive files with multiple corporate partners and would like
> >> to set our keys up so that a single private key compromise does not require
> >> generating new keys for all partners.
> >
> >> 1) Should we generate separate pub / priv key pairs for all partners?
> >
> > Yes. It's best to keep everyone as separated as possible.
>
> Probably, it is a non-issue in this specific case (you already know the
> files you send to your partners), but in general one (here: your
> partners) should not use secret keys generated by others because they
> are not /secret/ to oneself anymore.
>
> Simply let your partners generate their pub/sec key pairs and then
> exchange them.
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
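As an added example (not code from this thread or from GnuPG), the shell layout that the thread settles on: one inbound keypair per partner, each in its own GnuPG homedir on the decryption server that uses it, so rotating after a compromised server means contacting only the partners whose keys lived there. Partner names, user IDs and the example.invalid addresses are constructed; it assumes GnuPG 2.1 or later (for --quick-generate-key and loopback pinentry).

```shell
#!/bin/sh
# Added example (not from the thread): one inbound keypair per partner, each in
# its own GnuPG homedir, so a compromised decryption server exposes only the
# keys stored there. Partner names and addresses below are constructed.
set -eu

BASE="${BASE:-$(mktemp -d)}"   # parent directory of the per-partner homedirs

# Fingerprint of the primary secret key kept in one partner's homedir
# (empty if that homedir holds no secret key).
fingerprint() {
    gpg --homedir "$BASE/$1" --batch --with-colons --list-secret-keys 2>/dev/null \
        | awk -F: '$1 == "fpr" { print $10; exit }'
}

# Generate a fresh keypair for one partner in an isolated homedir and export
# the public half, which is the only part the partner ever receives.
# GnuPG 2.1+ also drops a revocation certificate into openpgp-revocs.d/.
# Prints the new key's fingerprint.
make_partner_key() {
    partner="$1"
    home="$BASE/$partner"
    mkdir -p "$home" && chmod 700 "$home"
    gpg --homedir "$home" --batch --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "inbound-$partner <inbound-$partner@example.invalid>" \
        default default never >/dev/null 2>&1
    gpg --homedir "$home" --batch --armor --export "inbound-$partner" \
        > "$home/inbound-$partner.pub.asc"
    fingerprint "$partner"
}

# Response to a compromised server: discard that server's key material and
# issue a replacement. Only this partner needs the new public key; every
# other partner's homedir, and therefore key, is untouched.
rotate_partner() {
    partner="$1"
    rm -rf "$BASE/$partner"
    make_partner_key "$partner"
}

# Number of partners whose secret key is still present.
count_intact() {
    n=0
    for p in "$@"; do
        [ -n "$(fingerprint "$p")" ] && n=$((n + 1))
    done
    echo "$n"
}
```

Run `make_partner_key <name>` once per partner on the server that will decrypt that partner's files, hand over the exported .pub.asc, and keep the homedirs off any shared key store.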