On Thursday, March 13, 2014 at 8:03 AM, "Martin Behrendt" <martin-gnupg-us...@dkyb.de> wrote:Hi,
>I want to achieve the following: >1. A Master signing key >2. A subkey signing/enc pair for my normal machine >3. A subkey signing/enc pair for e.g. my mobile device >What I want to do is to have a different "pair" for my mobile device >or work computer than on my machine. I want to give those pairs a >shorter lifetime like 1 year (depending on the paranoia level) so I >can change them more frequently. ===== It is difficult to do what you want using subkeys, but you can easily accomplish what you want by making three new keypairs: Keypair 1 will have the Master signing key and the encryption subkey, with the comment " Principal Keypair" (or whatever descriptive comment you think is clear to your e-mail correspondence. Keypair 2 will have a signing key and encrypting subkey, with the comment "normal computer', and signed by your Master key. Keypair 3 will have a signing key and encrypting subkey with the comment "mobile device', and signed by your Master key. All 3 keypairs will have the same name and e-mail address. Keypairs 2 and 3 can have whatever shorter expiration you want. You can let all your correspondents know that they can encrypt simultaneously to all 3 of your keys that have the same e-mail address (assuming that you give them the fingerprints and long key id' s for the 3 keys, and they aren't going to be fooled by some attacker making a new key with your name and e-mail address). This way you can read and correspond on whatever device you are using at the time. vedaal _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users