On 02/04/17 21:00, Neal H. Walfield wrote: > In short, the main key acts as a level of indirection, which separates > your identity from your encryption/signing keys.
I'd like to extend this short description a bit :-). There is one important somewhat-caveat, which is that you can't delegate the Certify capability to a subkey. This means you always need to use the primary key to sign other OpenPGP *keys*. Signing data can be delegated to a subkey. HTH, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
