On 2/24/19 8:34 PM, Farhan Khan via Gnupg-users wrote: > Hi all, > > I am still working on setting up the "perfect" setup. When I created the > master, it was [SC]. I > question, why is the signing key part of the master key? Why not have it be a > subkey? Almost > everywhere I looked, the two were a single key except this site > (http://openpgpblog.tumblr.com/post/219954494/photos-on-pgp-keys). In my own > tests the signing > functionality worked the same when they the signing key was a subkey versus a > part of the master. > > Are there any advantages of disadvantages either way? > > Thank you,
its mostly a sensible default as people tend to keep key material on disk on online computers to begin with.. the benefits of a separate primary normally comes out in scenarios with stronger security requirement, at which point the manual interaction required to set it up isn't the biggest hurdle anyways, but actually keeping up with operational security is. (note, its not the SC capable primary that is the issue to begin with, but actually keeping it isolated, the primary will always be able to become signing-capable anyways by updating the flags on its self-signature) -- ---------------------------- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk ---------------------------- Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 ---------------------------- Corruptissima re publica plurimæ leges The greater the degeneration of the republic, the more of its laws
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users