Hi! I would like to partition my key like this:
- long term identity key (air gapped, master key) [a]
-- short term e-mail encryption key (less secured sub key, only on mail machine) [b]
-- short term e-mail signing key (less secured sub key, only on mail machine) [c]
-- short term images/repository key (less secured sub key, only on software build machine) [d]
-- long term encryption key (air gapped, sub key) [f]

In other words, I would use:
- [b] and [c] for convenience, communication which isn't that important
- [c] to sign software / apt repository
- [a] to sign important messages (key transition etc.)
- [f] little convenience, for receiving important messages

What is the best way to make key [b] the default, so anyone writing an encrypted mail will use key [b] and not key [f] unless a conscious decision was made?

What is the best way to communicate...?
- if you want to send a mail, in most cases, use key [b],
- unless it is really important, then use key [f]
- most of my mails will be encrypted with key [c], unless it's important, then I use key [a]
- software I sign will be signed with key [d], do not use software signed with key [c]

It would be best if this information was presented by default, such as when importing my key or at least when running --fingerprint.

What is the best way to communicate that, sub packets (notations), UUID comments or something else?

Are sub packets (notations) signed by the master key [a]?

Are UID comments signed by the master key [a]?

Cheers,
adrelanos