[prev in list] [next in list] [prev in thread] [next in thread] 

List:       gnupg-users
Subject:    How to add information about purpose/security of sub keys?
From:       adrelanos <adrelanos () riseup ! net>
Date:       2013-11-13 23:08:14
Message-ID: 5284065E.2080207 () riseup ! net
[Download RAW message or body]

Hi!

I would like to partition my key like this:

- long term identity key (air gapped, master key) [a]
-- short term e-mail encryption key (less secured sub key, only on mail
machine) [b]
-- short term e-mail signing key (less secured sub key, only on mail
machine) [c]
-- short term images/repository key (less secured sub key, only on
software build machine) [d]
-- long term encryption key (air gapped, sub key) [f]

In other words, I would use:

- [b] and [c] for convenience, communication which isn't that important
- [c] to sign software / apt repository
- [a] to sign important messages (key transition etc.)
- [f] little convenience, for receiving important messages

What is the best way to make key [b] the default, so anyone writing an
encrypted mail will use key [b] and not key [f] unless a conscious
decision was made?

What is the best way to communicate...?
- if you want to send a mail, in most cases, use key [b],
- unless it is really important, then use key [f]
- most of my mails will be encrypted with key [c], unless it's
important, then I use key [a]
- software I sign will be signed with key [d], do not use software
signed with key [c]

It would be best if this information was presented by default, such as
when importing my key or at least when running --fingerprint. What is
the best way to communicate that, sub packets (notations), UUID comments
or something else?

Are sub packets (notations) signed by the master key [a]?

Are UID comment signed by the master key [a]?

Cheers,
adrelanos

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
[prev in list] [next in list] [prev in thread] [next in thread]