> Sometimes ago, I generated my master key without following the state of > the art of the gpg, meaning using an offline master key, and only sign > and enrypt with subkeys.
Whoever told you this was badly misinformed. While you *can* do this, it is by no means a general recommendation. The only general recommendation we give is "unless you know what you're doing and why, stick with the defaults." You didn't make a mistake. If you have a need for an offline master key (if not having one will cause your local security policy to fail), then by all means do it. But otherwise, think twice: you're introducing a lot of additional complexity for not very much benefit. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users