On 02-04-2017 at 20:23, Will Senn wrote:
...
>> In short, the main key acts as a level of indirection, which
>> separates your identity from your encryption/signing keys.
> Sounds like what I was led to believe to be the case, but at the
> end of the day, I don't seem to be able to sign anything with the
> signing subkey if the master key is not present (with sec instead
> of sec#). Do you know how I get it to use the subkey (the manual
> says it will default to a signing subkey, but that's not my
> experience).

I keep my whole key (main and subkeys) in an encrypted container, and use only the subkeys on a daily basis (one signing and one for encryption). The idea was that I could carry gpg on a pendrive and if the pendrive is lost, I could revoke the subkeys, and not lose the signatures on the main key.

It worked on gpg 1.4.x and it works for me on GPG4Win, the only things I can't sign are other keys (unless I mount my whole key).

Now, if my computer gets infected by a key-stealing virus and I don't notice it before mounting my whole key, I'm toasted anyway. But at least I have a chance to get a warning, and I also can read my encrypted emails on my laptop without worrying about the keys in case I lose the laptop.

Best Regards

P.S: about orphan keys, I've set my keys to expire in 2 years, so if I lose the private keys, they won't haunt me forever. I just need to remember to change the expiration date from time to time.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
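
The `sec` / `sec#` distinction in the quoted question and the subkey-only layout described in the reply can be checked mechanically. The following is an added example, not part of the original message: it parses the text printed by `gpg --list-secret-keys --with-colons` (field positions as documented in GnuPG's doc/DETAILS). The `audit` function and both sample listings are constructed for illustration.

```python
# Added example: audit a keyring for the "subkeys only" layout described above.
# Input is the text printed by: gpg --list-secret-keys --with-colons
# Fields (1-based, per GnuPG doc/DETAILS): 2 validity, 5 key ID, 7 expiration,
# 12 capabilities, 15 '#' when only a stub of the secret key is stored.

# Constructed sample: primary key kept offline, daily subkeys present.
SAMPLE = """\
sec:u:4096:1:AAAAAAAAAAAAAAAA:1490000000:1553072000::u:::scESC:::#:::23::0:
ssb:u:2048:1:BBBBBBBBBBBBBBBB:1490000000:1553072000:::::s:::+:::23:
ssb:u:2048:1:CCCCCCCCCCCCCCCC:1490000000:1553072000:::::e:::+:::23:
ssb:r:2048:1:DDDDDDDDDDDDDDDD:1400000000::::::s:::+:::23:
"""

# Constructed sample: whole key on the machine, no signing subkey, no expiry.
SAMPLE_ALL_IN_ONE = """\
sec:u:4096:1:EEEEEEEEEEEEEEEE:1490000000:::u:::scESC:::+:
ssb:u:4096:1:FFFFFFFFFFFFFFFF:1490000000::::::e:::+:
"""

def audit(listing):
    """Return one report dict per primary key in a --with-colons listing."""
    reports, cur = [], None
    for line in listing.splitlines():
        f = line.split(":") + [""] * 15   # pad so short records index safely
        rec, validity, keyid = f[0], f[1], f[4]
        expires, caps, token = f[6], f[11], f[14]
        if rec == "sec":
            cur = {"primary": keyid, "primary_offline": token == "#",
                   "expires": bool(expires), "signing_subkeys": [],
                   "findings": []}
            reports.append(cur)
        elif rec == "ssb" and cur is not None:
            # Revoked, expired, invalid or stub-only subkeys cannot sign here.
            usable = validity not in ("r", "e", "i") and token != "#"
            if "s" in caps and usable:
                cur["signing_subkeys"].append(keyid)
    for r in reports:
        if not r["primary_offline"]:
            r["findings"].append("primary secret key is present on this machine")
        if not r["signing_subkeys"]:
            r["findings"].append("no usable signing subkey available")
        if not r["expires"]:
            r["findings"].append("primary key has no expiration date")
    return reports

if __name__ == "__main__":
    for report in audit(SAMPLE) + audit(SAMPLE_ALL_IN_ONE):
        print(report["primary"], report["findings"] or "layout OK")
```
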