On Mittwoch, 15. Juli 2020 05:03:17 CEST Philihp Busby via Gnupg-users wrote: > On 2020-07-14T11:20:53+0200 Ingo Klöcker <kloec...@kde.org> wrote 2.5K > bytes: > > On Dienstag, 14. Juli 2020 02:48:06 CEST Philihp Busby via Gnupg-users > > wrote: > > > 2: What benefits benefits are there to having separate master keys for > > > personal and professional use? Outside of not wanting the identities > > > linked, because I am not yet famous enough for that. > > > > You might not want to store your personal master key on a computer > > provided > > (and controlled) by your employer. > > Is this alleviated by subkeys? i.e. it is not necessary to keep the master > key on another's device.
Yes and no. Yes, because your master key cannot be compromised if it's kept off of the computer controlled by your employer. But it will create problems for people who want to send you encrypted messages because there's no way for them to know which of the encryption subkeys to use. You may work around this by making sure that the non-personal encryption subkey is newer than then personal one because, AFAIK, gpg will automatically select the newest encryption subkey. But that's a fragile setup. > > But I suggest to ask the opposite question: What benefits are there for > > _not_ having separate master keys for personal and professional use? > > The things I found are limits/benefits: > - I can only have one 'default' key in my gpg.conf > - My global gitconfig can only have one user.signingKey Those benefits make sense if you use your personal user account on your personal computer also for professional stuff. Otherwise, I see no benefit in having identical configurations on different computers. My work-work computers have always been configured completely differently from my personal computers. In my opinion using separate master keys outweighs those minor conveniences of using the same master key by far. I have always used separate master keys in the past. And, in fact, I find it more convenient because it saves me the hassle of juggling around with different subkeys. Your mileage may vary. Regards, Ingo
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
