hierarchical keys?

Samuel Åslund samuel at Update.UU.SE
Wed Mar 31 23:49:59 CEST 2004


On Wed, Mar 31, 2004 at 09:53:15PM +0200, Andreas Bergen wrote:
> 
> There is such a thing in real life. It's sort of a "Schließanlage" (don't 
> know the English word), which everybody knows from big buildings. There's a 
> master key to lock every door but often there's many different sub-keys which 
> open only selected doors. And it's the owner (master) of the building who 
> distributes the keys to those he trusts.
>
<<<<<<<<<<<< Snip, long description of delegating authority. >>>>>>>>>>>

This could possibly be accomplished by using subkeys.
I do not think they are intended to be used that way but it might be
possible.

People have talked about having a master (key-)signing key on a secure
machine and exporting subkeys from that key to use on less secure
machines. That way the private key that collects signatures is safe and
it is still possible to sign with a well known key on less secure or
potentially uncontrolled machines (like at work) without risking the
real key.

By using the primary key of an OpenPGP key as master and generating
subkeys for the delegated keys you should get the first level of
delegation; I do not know how to get a second level of delegation this way.

HTH
//Samuel
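
The offline primary key with exported subkeys described in this message, as an added example that is not part of the original post. It assumes GnuPG 2.1 or later with ed25519 support, and uses throwaway keyrings, an empty passphrase and a made-up user ID; it checks that the less secure keyring can sign with the subkey but cannot create further subkeys.

```bash
#!/usr/bin/env bash
# Added example: constructed demo with throwaway keyrings, an empty
# passphrase and a made-up user ID. Assumes GnuPG 2.1+ is on PATH.
G() { gpg --batch --quiet --pinentry-mode loopback --passphrase '' "$@"; }

demo_subkey_delegation() {
  local safe work fpr stub rc=0
  safe=$(mktemp -d)   # stands in for the secure machine
  work=$(mktemp -d)   # stands in for the less secure machine

  # Secure machine: certify-only primary key plus one signing subkey.
  G --homedir "$safe" --quick-generate-key \
    'Demo User <demo@example.invalid>' ed25519 cert never
  fpr=$(G --homedir "$safe" --with-colons --list-keys |
        awk -F: '/^fpr/ {print $10; exit}')
  G --homedir "$safe" --quick-add-key "$fpr" ed25519 sign 1y

  # Export only the secret subkeys; the primary secret key stays behind.
  G --homedir "$safe" --export-secret-subkeys "$fpr" > "$work/subkeys.gpg"
  G --homedir "$work" --import "$work/subkeys.gpg" 2>/dev/null

  # In --with-colons output, field 15 of the "sec" record is "#" when
  # only a stub of the primary secret key is present.
  stub=$(G --homedir "$work" --with-colons --list-secret-keys |
         awk -F: '/^sec/ {print $15; exit}')
  [ "$stub" = "#" ] || rc=1

  # The less secure machine can still sign, using the subkey ...
  echo hello | G --homedir "$work" --clearsign > "$work/msg.asc" || rc=2
  # ... and the signature verifies against the well-known key.
  G --homedir "$safe" --verify "$work/msg.asc" 2>/dev/null || rc=3

  # Creating another subkey needs the primary secret key, so a holder
  # of an exported subkey cannot delegate one level further.
  if G --homedir "$work" --quick-add-key "$fpr" ed25519 sign 1y 2>/dev/null
  then rc=4; fi

  # Stop the per-keyring agents and remove the throwaway keyrings.
  gpgconf --homedir "$safe" --kill gpg-agent 2>/dev/null
  gpgconf --homedir "$work" --kill gpg-agent 2>/dev/null
  rm -rf "$safe" "$work"
  return "$rc"
}
```

A return status of 0 means all four checks held; statuses 1 to 4 name the check that failed.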



