Re: multiple e-mail addresses: what are the solutions?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Doug Barton escribió: ... > comfortable signing one key, but not the other. The other advantage > (now that I've left that employer) is that when attending key signing > parties now I don't have to worry about asking people to sign a key > with e-mail addresses I no longer have access to. You can solve that problem by adding a freeform UID to the key (an UID with your name on it, but without any email address). If people sign it, you can revoke the UIDs bound to email addresses, and add new UIDs for new email addresses, without losing the old signatures (as long as you don't revoke the freeform UID). But sometimes people will refuse to sign an UID without an email address. Anyway, most of time, people won't even know they can chose what UIDs to sign... Best Regards -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJJpOsBAAoJEMV4f6PvczxA0mYH/3qdpQK6OD1V2y+9ORMTddH/ lEHIl4UOlSBnVcBecLxqbdXFin6Ilf98ezy7xVApNijAmKn1PwNO78Asogf4fILL dtrOf5lhtYb1N4tdg7Gwz1Y9jBtWpxMMGJpZd7C+BiI4ebNlzSGYNE5N8eSDH/WX WWNiszd/N6KagyouWlKo+xoyw9rpzP2/pJyWecIGfShyYni01K74OIt1ctO+Bi7O oEpO7rNieNaEia/xE9/5NUprLD9pxQEnw3ORoAxAJQYauMmO8NTiwLqLengr+T+G 7gskZ8B2ii8Tw5pPhMEVtVCu+NugQqVr/bW6YHlyv6HDjqVsGJ8ckOw+G4fJpsg= =C8gd -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: multiple e-mail addresses: what are the solutions?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 gerry_lowry (alliston ontario canada) escribió: ... > My question: if I go with separate keys, as in > > e-mail_address_1 public_key_1private_key_1 > > e-mail_address_2 public_key_2private_key_2 > > e-mail_address_3 public_key_3private_key_3 > > then, is it permissible to have > all of my public keys together on the same pubring.gpg file and > all of my private keys together on the same secring.gpg file? Yes, it's very possible, and each private key can have it's own different passphrase. GnuPG knows what key to use to decrypt each message. ... > Also, if it is possible, what are the advantages and the disadvantages? Well, the advantage is you can decrypt all the messages encrypted to your different keys without having to switch from one keyring to another. The disadvantage is if your hdd crashes, all your keys crash together. Of course, the idea is to have a backup. I started making 1 different key pair for each one of my email accounts. But at some point, I added more UIDs, so currently 2 of my email accounts can use either 1 key or another one. The remaining email addresses are still "isolated". And I keep all those keys in the same keyrings, and I manage all the email accounts from the same email client (Mozilla Thunderbird). My TB is configured to use 1 key when composing messages from 1 email account, and other key for the other account, and so on. Best Regards -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJJpN83AAoJEMV4f6PvczxAbKkIAIrAA8NPNLmOloZ8E/CDSHPM mJe7F8a4NIJ+zpUcbgdfrNno7qKUSvp0zj2lpsI4JItA8WQbMVyEdyI4stuXzwhZ 7ctvjAOguNn7yGR2/w41P3Nx/lejRzT8ctjAA/6/sSarfQpq76P6CIwtr5xBZGu/ 9eITjasl9wu3VmV75Zk3SpcC4wL/SsZLrjpwgqVY2nnnUtcuj10sc5mDI3cPOeWi GeJCJ15qLvtLHTb7nZDkyueqh5W2vkE85x/X/JBGjOFu49Pmi6ILWe7yE/KrYTMh RbDf56FO+NvyxYI3Vl+PdtII4KEzVxp9vmhI5KiYvruDmAVGu7Kd4oLEhMxzXZw= =UTUC -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: multiple e-mail addresses: what are the solutions?
gerry_lowry (alliston ontario canada) wrote: > Thank you John and David. > > John Clizbe has suggested a "key with multiple email addresses > (userIDs) per identity/personae" as one strategy. David Shaw has > mentioned a strategy of separate keys for different purposes. FWIW, I use a blend of these two strategies. I have a personal key that has my main personal e-mail address, my @freebsd.org e-mail address, and my old e-mail address (which was the first uid to gather signatures so has more than the new e-mail address). In my former position I needed a PGP key for my e-mail so I generated a new one that was specific to that position. It had several e-mail addresses (uids) attached to it (for various uninteresting reasons). > My question: if I go with separate keys, as in > > e-mail_address_1 public_key_1private_key_1 ... > then, is it permissible to have all of my public keys together on > the same pubring.gpg file and all of my private keys together on > the same secring.gpg file? Yes, and I still have both keys on my keyring(s). Because I like to keep things separated I actually have a my-pub-keys.gpg keyring (as well as other rings with keys dedicated to other purposes). > Also, if it is possible, what are the advantages and the > disadvantages? The only disadvantage I've run into was very minor, asking people at key signing events to sign both keys. Now that people with multiple keys are more common, that's hardly an issue any longer. The advantages for me were clear separation between my "work" and "personal" identities; which was primarily a benefit when it came to e-mail (both signing and encryption) but there a few people who were comfortable signing one key, but not the other. The other advantage (now that I've left that employer) is that when attending key signing parties now I don't have to worry about asking people to sign a key with e-mail addresses I no longer have access to. hope this helps, Doug ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: multiple e-mail addresses: what are the solutions?
Thank you John and David. John Clizbe has suggested a "key with multiple email addresses (userIDs) per identity/personae" as one strategy. David Shaw has mentioned a strategy of separate keys for different purposes. My question: if I go with separate keys, as in e-mail_address_1 public_key_1private_key_1 e-mail_address_2 public_key_2private_key_2 e-mail_address_3 public_key_3private_key_3 then, is it permissible to have all of my public keys together on the same pubring.gpg file and all of my private keys together on the same secring.gpg file? is it even architecturally possible to have all of my public keys together on the same pubring.gpg file and all of my private keys together on the same secring.gpg file? Also, if it is possible, what are the advantages and the disadvantages? Thank you. Regards, Gerry (Lowry) ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: multiple e-mail addresses: what are the solutions?
On Feb 21, 2009, at 7:16 PM, gerry_lowry (alliston ontario canada) wrote: Hello, in my first attempts at PGP, I had only one e-mail at time, occasionally two or three. Now I have many different e-mail addresses that I use on a regular basis for various purposes, none of them illegal. Some web sites force users to have addresses likem...@theirdomain.com for reasons such as attempting to control spam. Examples: I have a gmail account for communication with my IPP if my site is down. If my IPP is also down, I'm out of luck. I have an e-mail address from a customer who prefers that his customers contact me via ge...@hiscompany.com. et cetera, et cetera, et cetera Please note: I'm for all intents and purposes new to PGP/GPG. It seems that for any e-mail address that I have, I need a key pair that corresponds to each e-mail address. That is one way to do it. The other way is to have a single keypair with multiple email addresses on it (using the --edit-key menu and "adduid" you can add as many addresses are you like to a key). And then there is a blend of the two methods where you have more than one keypair, each with some of the email addresses on it. Which method you want to do with depends on what you're trying to accomplish, and how you like to manage keys. There is no one right answer here - it's very much a matter of taste. Personally, I like to use a different key for each overall purpose (i.e. one key for $day_job, one key for personal and open-source work), but again this is just what I like. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: multiple e-mail addresses: what are the solutions?
gerry_lowry (alliston ontario canada) wrote: > > It seems that for any e-mail address that I have, I need a key pair that > corresponds to each e-mail address. > > Is there a better strategy? A key with multiple email addresses (userIDs) per identity/personae? -- John P. Clizbe Inet:John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or mailto:pgp-public-k...@gingerbear.net?subject=help Q:"Just how do the residents of Haiku, Hawai'i hold conversations?" A:"An odd melody / island voices on the winds / surplus of vowels" signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
multiple e-mail addresses: what are the solutions?
Hello, in my first attempts at PGP, I had only one e-mail at time, occasionally two or three. Now I have many different e-mail addresses that I use on a regular basis for various purposes, none of them illegal. Some web sites force users to have addresses likem...@theirdomain.com for reasons such as attempting to control spam. Examples: I have a gmail account for communication with my IPP if my site is down. If my IPP is also down, I'm out of luck. I have an e-mail address from a customer who prefers that his customers contact me via ge...@hiscompany.com. et cetera, et cetera, et cetera Please note: I'm for all intents and purposes new to PGP/GPG. It seems that for any e-mail address that I have, I need a key pair that corresponds to each e-mail address. Is there a better strategy? Regards, Gerry ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users