Advice on key set-up for work at employer
Andrew Gallagher
andrewg at andrewg.com
Thu Aug 4 09:33:00 CEST 2016
On 4 Aug 2016, at 01:37, taltman <taltman at gmail.com> wrote:
*snip*
>
> 1. Create a new GPG keyring specific for my identity with my employer
> 2. Cross-sign my existing personal GPG key with the employer-specific
> GPG key
> 3. Do proper key hygiene things (backups, revocation certs, etc.) on
> employer-specific key
>
> It seems with this set-up I can simply just turn over the password to
> the private key of the employer-specific GPG keyring if I'm ever
> obligated to give them access to their files. This keeps a nice clean
> separation between their property, and my personal GPG keyring. When it
> comes time to end my time at the employer, I can revoke the
> employer-specific key. If I no longer am able to use the
> employer-specific GPG keyring, I can at least revoke my signature of the
> employer-specific keyring if my former employer gains the password to
> the keyring.
Yes, this is the textbook case for having a separate primary key for a particular identity. I have implemented this myself.
A
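
The three steps quoted above, as an added example that is not part of the original thread or either poster's own commands. It assumes GnuPG 2.1 or later; the homedir paths, user IDs and function names are hypothetical, and the keys are created without a passphrase only so the run is non-interactive.

```shell
#!/bin/sh
# Added illustration: a separate keyring per identity, cross-certified.
# Constructed sample values; real keys should be passphrase-protected.

# new_identity HOMEDIR USERID -> prints the new primary key's fingerprint
new_identity() {
    mkdir -p "$1" && chmod 700 "$1"
    gpg --homedir "$1" --batch --quiet --passphrase '' \
        --quick-generate-key "$2" default default 1y || return 1
    gpg --homedir "$1" --batch --with-colons --list-keys "$2" |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

# certify SIGNER_HOME TARGET_HOME TARGET_FPR
# The signer imports the target's public key, certifies it, and the
# certified copy is handed back to the target's own keyring.
certify() {
    gpg --homedir "$2" --batch --export "$3" |
        gpg --homedir "$1" --batch --quiet --import || return 1
    gpg --homedir "$1" --batch --yes --quick-sign-key "$3" || return 1
    gpg --homedir "$1" --batch --export "$3" |
        gpg --homedir "$2" --batch --quiet --import
}

# certified_by HOMEDIR TARGET_FPR SIGNER_FPR
# Succeeds if the target key carries a signature from the signer's key ID
# (the last 16 hex digits of a v4 fingerprint).
certified_by() {
    gpg --homedir "$1" --batch --with-colons --list-sigs "$2" |
        awk -F: -v id="$(printf %s "$3" | cut -c25-40)" \
            '$1 == "sig" && $5 == id { found = 1 } END { exit !found }'
}

# revocation_cert HOMEDIR FPR -> path of the revocation certificate that
# GnuPG 2.1+ writes automatically when the key is generated. Back this
# file up somewhere the keyring's passphrase holder cannot reach.
revocation_cert() {
    printf '%s/openpgp-revocs.d/%s.rev\n' "$1" "$2"
}

# Usage (hypothetical paths):
#   p=$(new_identity ~/.gnupg-personal 'Alex Example <alex@personal.example>')
#   w=$(new_identity ~/.gnupg-work 'Alex Example (work) <alex@employer.example>')
#   certify ~/.gnupg-personal ~/.gnupg-work "$w"   # personal certifies work
#   certify ~/.gnupg-work ~/.gnupg-personal "$p"   # work certifies personal
```

Because each identity lives in its own homedir, handing over the work keyring's passphrase exposes nothing in the personal one.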