> Both computers are laptops, but I am the sole user for both. One is my
> personal laptop, the other is for work.

If you hand the laptop back at any point then I would scrub the hard drive thoroughly. But as long as you trust both computers then it should be fine. PGP is all about trust.

> Would I be better setting up a 'personal' key and a 'work' key (in your
> opinion)?

It all depends on how much you come to rely on either key. If your "work" key becomes the de-facto key for authenticating yourself then it becomes more important to protect it. You can always revoke keys that you feel have been compromised by using the revocation certificate that you (should have) created when you generated the keys. As before, if you trust both machines, and are paranoid about the whereabouts and programs on both, then the need for two keys becomes moot.

> That option only allows you to export your public key, so as I understand it
> I wouldn't be able to then use it on the second laptop to sign or encrypt?

You want to encrypt with your public key, because only the private key will decrypt it. You want to sign files with your private key, because only the public key is available to everyone to authenticate the signature.

If both machines are Linux based then copying ~/.gnupg should suffice. (I think...)

Ciarán

--
ubuntu-uk@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk
https://wiki.ubuntu.com/UKTeam/
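
Copying ~/.gnupg between machines, as suggested in the reply above, carries the private key with it, so the copy should never be readable by other accounts; GnuPG itself warns about unsafe permissions on its home directory. The script below is an added example, not part of the original message: it stages an owner-only copy and checks the result. The function names are hypothetical and the sample file names are constructed.

```shell
#!/bin/sh
# Added example: stage a copy of a GnuPG home directory for transfer to a
# second machine, readable by its owner only. Function names are hypothetical.

# Print every entry under $1 that group or other can read, write or execute.
loose_entries() {
    find "$1" \( -perm -040 -o -perm -020 -o -perm -010 \
              -o -perm -004 -o -perm -002 -o -perm -001 \)
}

# Succeed only if nothing under $1 is accessible to group or other.
check_gnupg_perms() {
    [ -z "$(loose_entries "$1")" ]
}

# copy_gnupg_home SRC DST: copy directories and regular files only, so agent
# sockets and stale *.lock files from the source machine are left behind.
copy_gnupg_home() {
    src=$1 dst=$2
    if [ ! -d "$src" ]; then echo "not a directory: $src" >&2; return 1; fi
    if [ -e "$dst" ]; then echo "refusing to overwrite: $dst" >&2; return 1; fi
    (
        umask 077    # everything created below is owner-only from the start
        mkdir -p "$dst" && dst=$(cd "$dst" && pwd) && cd "$src" || exit 1
        find . -type d -exec sh -c \
            'for d; do mkdir -p "$0/$d" || exit 1; done' "$dst" {} + &&
        find . -type f ! -name '*.lock' -exec sh -c \
            'for f; do cp "$f" "$0/$f" || exit 1; done' "$dst" {} +
    ) || return 1
    chmod -R go-rwx "$dst"    # in case DST sits on a filesystem with odd defaults
}

# Constructed sample home with deliberately loose permissions (dummy contents,
# no real key material), to try the functions without touching ~/.gnupg.
make_sample_home() {
    mkdir -p "$1/private-keys-v1.d"
    for f in pubring.gpg secring.gpg trustdb.gpg trustdb.gpg.lock \
             private-keys-v1.d/EXAMPLE.key; do
        echo "dummy" > "$1/$f"
    done
    chmod -R a+rX "$1"
}
```

Once the staged copy has been moved into place on the second laptop, running `check_gnupg_perms ~/.gnupg` there confirms nothing was loosened in transit.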