Multiple UIDs or multiple master keys?
Ingo Klöcker
kloecker at kde.org
Wed Jul 15 11:03:53 CEST 2020
On Wednesday, 15 July 2020 05:03:17 CEST Philihp Busby via Gnupg-users wrote:
> On 2020-07-14T11:20:53+0200 Ingo Klöcker <kloecker at kde.org> wrote 2.5K
> bytes:
> > On Tuesday, 14 July 2020 02:48:06 CEST Philihp Busby via Gnupg-users
> > wrote:
> > > 2: What benefits are there to having separate master keys for
> > > personal and professional use? Outside of not wanting the identities
> > > linked, because I am not yet famous enough for that.
> >
> > You might not want to store your personal master key on a computer provided
> > (and controlled) by your employer.
>
> Is this alleviated by subkeys? i.e. it is not necessary to keep the master
> key on another's device.
Yes and no. Yes, because your master key cannot be compromised if it's kept
off of the computer controlled by your employer.
But it will create problems for people who want to send you encrypted messages
because there's no way for them to know which of the encryption subkeys to
use. You may work around this by making sure that the non-personal encryption
subkey is newer than the personal one because, AFAIK, gpg will automatically
select the newest encryption subkey. But that's a fragile setup.
> > But I suggest asking the opposite question: What benefits are there for
> > _not_ having separate master keys for personal and professional use?
>
> The things I found are limits/benefits:
> - I can only have one 'default' key in my gpg.conf
> - My global gitconfig can only have one user.signingKey
Those benefits make sense if you use your personal user account on your
personal computer also for professional stuff. Otherwise, I see no benefit in
having identical configurations on different computers. My work-work computers
have always been configured completely differently from my personal computers.
In my opinion using separate master keys outweighs those minor conveniences of
using the same master key by far. I have always used separate master keys in
the past. And, in fact, I find it more convenient because it saves me the
hassle of juggling around with different subkeys. Your mileage may vary.
Regards,
Ingo
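
Added example, not part of the original message or of GnuPG: a small audit of `gpg --list-keys --with-colons` output that flags a key carrying more than one usable encryption subkey, the situation the reply calls fragile. The sample listing, key IDs and function names are constructed; "newest" is reported by creation time only to mirror the selection behaviour the message mentions, which is taken here as an assumption.

```python
# Constructed sample in gpg's colon format (field 2 = validity, 5 = key ID,
# 6 = creation time in epoch seconds, 12 = capabilities). Key IDs are made up.
SAMPLE = """\
pub:u:4096:1:AAAAAAAAAAAAAAAA:1577836800:::u:::scESC::::::23::0:
uid:u::::1577836800::0000000000000000000000000000000000000000::Example User <user@example.org>::::::::::0:
sub:u:4096:1:BBBBBBBBBBBBBBBB:1577836800::::::s::::::23:
sub:u:4096:1:CCCCCCCCCCCCCCCC:1577836800::::::e::::::23:
sub:u:4096:1:DDDDDDDDDDDDDDDD:1593561600::::::e::::::23:
sub:r:4096:1:EEEEEEEEEEEEEEEE:1594000000::::::e::::::23:
"""

# Validity codes that make a subkey unusable: invalid, disabled, revoked,
# expired, not valid.
UNUSABLE = set("idren")


def encryption_subkeys(listing):
    """Return (created, keyid) for each usable encryption subkey, oldest first."""
    found = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] != "sub" or len(f) < 12:
            continue  # only subkey records carry what we need
        if f[1] in UNUSABLE or "e" not in f[11]:
            continue  # skip revoked/expired subkeys and non-encryption subkeys
        found.append((int(f[5]), f[4]))
    return sorted(found)


def audit(listing):
    """Summarise which encryption subkeys a sender's client could end up using."""
    subs = encryption_subkeys(listing)
    return {
        "candidates": [keyid for _, keyid in subs],
        "newest": subs[-1][1] if subs else None,
        "ambiguous": len(subs) > 1,  # more than one usable encryption subkey
    }


if __name__ == "__main__":
    report = audit(SAMPLE)
    print("usable encryption subkeys:", ", ".join(report["candidates"]))
    print("newest by creation time:  ", report["newest"])
    if report["ambiguous"]:
        print("warning: senders cannot choose between these subkeys")
```
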