On 2013-07-06 21:52, Hauke Laging wrote: [snip a whole bunch of helpful stuff] > My recommendation: > Separate keys by email address type: > > a) private (one group) > b) each business separate > c) each organization separate [snip a whole bunch more useful stuff]
This was an amazingly helpful email. I've seen a lot of posts (both blog and here on the mailing list) that are full of technical explanations, but very few that go over best practices for managing multiple identities. I too juggle several dozen email addresses (many of which come to a single catch-all mailbox, but help in filtering the incoming deluge), so if you know of any "Best practices in managing multiple GPG identities for dummies" resources, I'd love to become better versed at whatever links you provide. > > (4) I create independent keys (without sub keys) and use one key > > for multiple email accounts. > > You should NEVER use mainkeys outside a safe environment (boot from > CD/DVD). Only subkeys should be used on normal systems. Could you explain this a little more? This sounds very important, but I feel I'm not grasping the interplay of mainkeys vs. subkeys and how they are (or should be) accessed. I'd understood that unlocking a keyring got you access to all the keys on it, so accessing a sub-key in a non-safe environment would potentially risk exposing your mainkey as well. I suspect I've missed something important. Thanks, -tkc
signature.asc
Description: PGP signature
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
