controlling the use of subkeys

Robert J. Hansen rjh at sixdemonbag.org
Sun Dec 24 03:33:50 CET 2006


Mike Frysinger wrote:
> probably, but that doesn't really matter to me much ... all the intricacies of 
> pgp do not interest me, it's merely a tool to get other things done

When you start doing advanced and sophisticated things with a tool, you
need to invest the time in understanding that tool.  This is true for
pretty much any tool, not just GnuPG.

> i have a personal key/uid i use for signing e-mails and such, E837F581.  when 
> doing gpg signing parties, this is what other people sign.  in Gentoo, rather 
> than using personal keys, we create a new key to keep personal and developer 
> package signing separate.

This is sensible.

This strongly counter-indicates using a new subkey.

After all... when someone sees a signature with your new subkey, they'll
then have to find the master signing key and import that before they can
verify your signature.  And since your personal identity is connected
with that master key, you're going to conflate your personal identity
with your Gentoo identity.

Generate a new keypair and use that instead.


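
Added example, not part of the original message or of GnuPG: a Python sketch of the lookup a verifier's keyring performs, run over a constructed `gpg --list-keys --with-colons` listing. It shows that a signature issued by a subkey resolves to the primary key and its user IDs, while a separate keypair resolves only to its own; all key IDs, fingerprints, user IDs and function names are assumptions made for illustration.

```python
# Constructed sample in `gpg --list-keys --with-colons` format (GnuPG 2.1+).
# Every key ID, fingerprint and user ID below is made up for illustration.
LISTING = """\
pub:u:4096:1:A1A1A1A1A1A1A1A1:1166918400:::u:::scESC:
fpr:::::::::000000000000000000000000A1A1A1A1A1A1A1A1:
uid:u::::1166918400::HASH1::Alice Example <alice@home.example>:
sub:u:4096:1:A3A3A3A3A3A3A3A3:1166918400::::::s:
fpr:::::::::000000000000000000000000A3A3A3A3A3A3A3A3:
pub:u:4096:1:B1B1B1B1B1B1B1B1:1166918400:::u:::scSC:
fpr:::::::::000000000000000000000000B1B1B1B1B1B1B1B1:
uid:u::::1166918400::HASH2::Alice Example (packages) <alice@distro.example>:
"""


def parse_keyring(listing):
    """Map every key ID (primary or subkey) to its primary-key record."""
    by_keyid, primary, last = {}, None, None
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":                      # field 5 is the key ID
            primary = {"keyid": f[4], "fingerprint": None, "uids": []}
            by_keyid[f[4]] = primary
            last = "pub"
        elif f[0] == "sub" and primary:        # subkeys hang off the last pub
            by_keyid[f[4]] = primary
            last = "sub"
        elif f[0] == "fpr" and last == "pub":  # field 10 is the fingerprint
            primary["fingerprint"] = f[9]
            last = None
        elif f[0] == "uid" and primary:        # field 10 is the user ID
            primary["uids"].append(f[9])
    return by_keyid


def resolve_signer(listing, issuer_keyid):
    """Return what a verifier learns from a signature's issuer key ID."""
    owner = parse_keyring(listing).get(issuer_keyid)
    if owner is None:
        return None  # key absent from the keyring: it must be imported first
    return {
        "made_by_subkey": issuer_keyid != owner["keyid"],
        "primary_fingerprint": owner["fingerprint"],
        "identities": list(owner["uids"]),
    }


if __name__ == "__main__":
    for keyid in ("A3A3A3A3A3A3A3A3", "B1B1B1B1B1B1B1B1"):
        print(keyid, resolve_signer(LISTING, keyid))
```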


