On 4 Aug 2016, at 01:37, taltman <talt...@gmail.com> wrote:

*snip*
>
> 1. Create a new GPG keyring specific for my identity with my employer
> 2. Cross-sign my existing personal GPG key with the employer-specific
>    GPG key
> 3. Do proper key hygiene things (backups, revocation certs, etc.) on
>    employer-specific key
>
> It seems with this set-up I can simply just turn over the password to
> the private key of the employer-specific GPG keyring if I'm ever
> obligated to give them access to their files. This keeps a nice clean
> separation between their property, and my personal GPG keyring. When it
> comes time to end my time at the employer, I can revoke the
> employer-specific key. If I no longer am able to use the
> employer-specific GPG keyring, I can at least revoke my signature of the
> employer-specific keyring if my former employer gains the password to
> the keyring.

Yes, this is the textbook case for having a separate primary key for a particular identity. I have implemented this myself.

A
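
The three steps from the quoted message, written out as GnuPG 2.1+ command-line calls. This is an added example, not code from either poster. The function names, the 2y expiry and the empty passphrase (there only so the calls run unattended) are assumptions, and each identity is assumed to live in its own GnuPG home directory.

```sh
#!/bin/sh
# Added example. Function names and directories are hypothetical placeholders.
# The empty passphrase only lets the calls run unattended; protect real keys.
set -eu

g() { gpg --batch --yes --quiet --no-tty --pinentry-mode loopback --passphrase '' "$@"; }

# fpr_of HOMEDIR USER_ID -> fingerprint of the matching primary key
fpr_of() {
  g --homedir "$1" --with-colons --list-keys "$2" |
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# new_identity HOMEDIR USER_ID: step 1, a keyring that holds only this identity
new_identity() {
  mkdir -p "$1" && chmod 700 "$1"
  g --homedir "$1" --quick-generate-key "$2" default default 2y
}

# sign_other SIGNER_HOME OTHER_HOME OTHER_FPR: import OTHER's public key into
# SIGNER's keyring and certify it with SIGNER's only secret key
sign_other() {
  g --homedir "$2" --export "$3" | g --homedir "$1" --import
  g --homedir "$1" --quick-sign-key "$3"
}

# cross_sign HOME_A FPR_A HOME_B FPR_B: step 2, certify in both directions
cross_sign() {
  sign_other "$1" "$3" "$4"
  sign_other "$3" "$1" "$2"
}

# backup_identity HOMEDIR FPR DEST: step 3, copy the secret key and the
# revocation certificate (written by GnuPG 2.1+ at key creation) to DEST
backup_identity() {
  mkdir -p "$3" && chmod 700 "$3"
  g --homedir "$1" --armor --export-secret-keys "$2" > "$3/secret-key.asc"
  cp "$1/openpgp-revocs.d/$2.rev" "$3/revocation-cert.rev"
}

# good_sig_from HOMEDIR TARGET_FPR SIGNER_FPR: succeeds if the copy of TARGET
# in HOMEDIR carries a verified certification made by SIGNER
good_sig_from() {
  keyid=$(printf %s "$3" | tail -c 16)
  g --homedir "$1" --with-colons --check-sigs "$2" |
    awk -F: -v k="$keyid" '$1 == "sig" && $2 == "!" && $5 == k { ok = 1 } END { exit !ok }'
}
```

The pre-generated `.rev` file has a colon placed before its armor header to prevent accidental import; remove that colon before importing the certificate to revoke the key.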