On 12/12/10 7:00 AM, David Shaw wrote: > > If you were forced to disclose your encryption key, you could give > them just that particular subkey and not give them the signing > subkey at all. What some people (me, among others) do in addition > to this, is to remove the primary key and store it offline. That > way even if it's an accidental leak of the key (rather than a > compelled one), the primary key is safe. Since the primary key can > be used to revoke the old subkeys and make new ones, this is a very > safe way to handle keys.
Obviously the offline storage/copy would include the subkeys and essentially be a backup of all 3, but how is the primary key removed from the two subkeys in the keyring? Regards, Ben
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
