Importance of time in pgp algorithms
Adrian 'Dagurashibanipal' von Bidder
avbidder at fortytwo.ch
Wed Jan 28 08:29:14 CET 2004
On Tuesday 27 January 2004 23:13, Nicholas Paul Johnson wrote:
> 2.) I also use a desktop. Is it secure for me to simply duplicate my
> ~/.gnupg directories on each machine (assuming that I copy the files in a
> secure way), or should I create a different key-pair for the desktop
> machine?
http://fortytwo.ch/gpg/subkeys
Short summary:
You can use subkeys in this situation. The main advantage: if somebody gets
hold of your laptop (assuming that you have only secret subkeys on the
laptop, but not the primary secret key), you can revoke that signing subkey
and generate a new one, without losing your whole key.
The person holding a secret subkey can use this, of course (signing messages,
reading messages encrypted to that subkey), but can *not* generate a new
subkey, or sign keys, or revoke the subkey or other key parts. So, you lose
authenticity on old signed messages, and secrecy on old encrypted messages,
but you don't lose your key with all the signatures you've created on it.
But I recommend reading the web page, as this method has quite a few
drawbacks; the most prominent being that automatic key retrieval does not work
with most (all?) current keyservers.
cheers
-- vbi
--
MICROSOFT: Most Intelligent Customers Realize Our Software is Only
for Fools and Teenagers.
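
Added example, not part of the original message: a shell function that audits `gpg --list-secret-keys --with-colons` output to confirm a machine holds only secret subkeys, as the reply describes for the laptop. It assumes the GnuPG 2.1+ colon format (field 15 is `#` for a stub primary key); the function name and both sample listings are constructed for illustration.

```shell
# Added example: audit a secret-key listing in GnuPG colon format.
# Assumption: GnuPG 2.1+ layout, where field 15 of a sec/ssb record is
#   "#"  stub, secret material absent (what the laptop's primary should be)
#   "+"  secret material present on disk
#   else serial number of a token (smartcard) holding the key
# An empty field 15 (older releases) is treated as "present" to stay safe.
# A subkey-only keyring is typically produced with gpg --export-secret-subkeys.

# Reads a colon listing on stdin, prints one line per secret key record,
# returns 0 if no primary secret key is on disk, 1 otherwise.
audit_secret_keyring() {
    awk -F: '
        $1 == "sec" || $1 == "ssb" {
            kind = ($1 == "sec") ? "primary" : "subkey"
            if ($15 == "#")                   state = "stub"
            else if ($15 == "+" || $15 == "") state = "present"
            else                              state = "on-token"
            printf "%s %s caps=%s %s\n", kind, $5, $12, state
            if ($1 == "sec" && state == "present") bad = 1
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample: laptop keyring with a stub primary and two subkeys.
LAPTOP_SAMPLE='sec:u:4096:1:1111111111111111:1075000000:::u:::scSC:::#:
uid:u::::1075000000::::Example User <user@example.org>:
ssb:u:2048:1:2222222222222222:1075000000::::::s:::+:
ssb:u:2048:1:3333333333333333:1075000000::::::e:::+:'

# Constructed sample: desktop keyring that still holds the primary secret key.
DESKTOP_SAMPLE='sec:u:4096:1:1111111111111111:1075000000:::u:::scSC:::+:
uid:u::::1075000000::::Example User <user@example.org>:
ssb:u:2048:1:2222222222222222:1075000000::::::s:::+:'

# Real use on the machine being checked:
#   gpg --list-secret-keys --with-colons | audit_secret_keyring \
#       || echo "primary secret key is present on this machine"
```

A non-zero status on the laptop means the primary secret key was copied along with the subkeys, so losing that machine would expose the whole key rather than one revocable subkey.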