On Thu, Apr 25, 2019 at 5:54 PM James Le Cuirot <ch...@gentoo.org> wrote:
>
> if I understood it correctly, it only removes the primary private key
> from the online copy and not the entire primary key. The --list-keys
> option shows an [SC] primary with an [E] subkey and an [S] subkey and I
> gathered from a conversation in #gentoo-dev that this is correct. Are
> you suggesting the [SC] primary should not appear here at all?

No, the public key should remain in your keychain. It is, after all,
public, so there is no risk of compromise. You really want it to be
published as widely as possible actually to reduce the risk of somebody
using the wrong key.

>
> > Secondly, the reason for that is not (just) to have a backup
> > but that the primary private key gives you virtually unlimited control.
>
> Are you contradicting yourself here? You explained why the private key
> must be kept secure but you didn't say anything about the rest of the
> primary key.

The only keys you need to secure are the private keys. These keys are
created in public/private pairs always. In the case of our GLEP we have
three pairs: a primary, a signing, and an encryption. The signing and
encryption pairs are referred to as subkeys, but this is just a
convention - mathematically they work exactly the same.

Ideally you want all your keys to be secure, but the concept of having
tiered keys is that you can keep the primary in a safer place, since it
can be used to invalidate and issue new subkeys, and thus you don't
have to completely replace the trust chain if one key is compromised.

-- 
Rich
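A practical way to confirm the layout discussed in this thread: `--list-keys` always shows the public primary, so the check belongs on `gpg --with-colons --list-secret-keys`, where a primary whose secret part has been moved offline is marked as a stub (`#` in field 15, shown as `sec#` in the human-readable listing). The following script is an added example, not code from the thread or from the GLEP; both listings it parses are constructed samples, not real keys.

```python
# Constructed `gpg --with-colons --list-secret-keys` listing: the sec
# record carries '#' in field 15 (stub, secret part kept offline), the
# [S] and [E] ssb records carry '+' (secret material present).
OFFLINE_PRIMARY = """\
sec:u:4096:1:0123456789ABCDEF:1556208000:1619280000::u:::scSC:::#:::23::0:
uid:u::::1556208000::0000000000000000000000000000000000000000::Example Dev <dev@example.org>::::::::::0:
ssb:u:4096:1:FEDCBA9876543210:1556208000:1587744000:::::s:::+:::23:
ssb:u:4096:1:1122334455667788:1556208000:1587744000:::::e:::+:::23:
"""

# Same keyring before the primary secret key was removed (constructed).
ONLINE_PRIMARY = OFFLINE_PRIMARY.replace(":::#:::", ":::+:::")


def parse_secret_keys(colons_output):
    """Return one dict per sec/ssb record: type, key id, own capabilities, stub flag."""
    keys = []
    for line in colons_output.splitlines():
        fields = line.split(":")
        if fields[0] not in ("sec", "ssb"):
            continue
        # Field 12 (index 11): lowercase letters are this key's own
        # capabilities; uppercase letters on the sec record summarise
        # what the whole key set can still do, so they are ignored here.
        caps = {c for c in fields[11] if c.islower()}
        # Field 15 (index 14): '#' means only a stub of the secret part is
        # in this keyring; '+' or a token serial number means it is usable.
        token = fields[14] if len(fields) > 14 else ""
        keys.append({"type": fields[0], "keyid": fields[4],
                     "caps": caps, "stub": token == "#"})
    return keys


def check_offline_primary(colons_output):
    """Return a list of problems; empty means the listing matches the
    recommended layout: stubbed primary, usable [S] and [E] subkeys."""
    keys = parse_secret_keys(colons_output)
    problems = []
    for key in keys:
        if key["type"] == "sec" and not key["stub"]:
            problems.append(f"primary {key['keyid']} still has its secret key online")
    usable = [k for k in keys if k["type"] == "ssb" and not k["stub"]]
    if not any("s" in k["caps"] for k in usable):
        problems.append("no usable signing subkey")
    if not any("e" in k["caps"] for k in usable):
        problems.append("no usable encryption subkey")
    return problems
```

On a real machine, feed `check_offline_primary` the stdout of `subprocess.run(["gpg", "--with-colons", "--list-secret-keys"], capture_output=True, text=True)`; an empty list means the primary secret key is not in the online keyring.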