On 01/02/2017 11:26 AM, Christopher Beck wrote: > > Hi Lynn, > > > well, it is possible. There is an option for exporting only subkeys: > > gpg --output secret-subkeys --export-secret-subkeys SUBKEYID! > > It is important to use the exclamation mark at the end of the subkey-id! > > Instead of this: how about a company-key for trust-signing the > exployees keys? Then, a custumor just hast to set the correct trust > level to that company-key (okay, might be dangerous and not everybody > wants to do this, but might be an option). >
How about this: I use another company encryption key for auditing purpose only. When employees send emails, they always use this encryption key as well as the public keys of recipients for encryption. This way, I don't have to backup employees' encryption keys, and can even simplify to use a single key for each employee (this might be arguable, but it's hard for me to convince myself that it's worthwhile to use separate encryption key in this case). But I'm not sure if I need to customize some PGP implementation in order to do so. -- Thanks, Lou
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
