Associate specific PGP subkeys with specific UIDs

1

It seems to me like PGP keys contain a "collection" of UIDs and also contain a collection of subkeys. Moreover, there doesn't seem to be a way to add comments to a subkey.

Is there any way for me to say:

"If you send encrypted emails to andreas@example.com, use this subkey. But if you send encrypted emails to the address api@example.com, use this other subkey."

In this example, api@example.com is also owned and operated by me, but perhaps I want to allow access by other people to this one without giving them the key to my personal email address. I could post this information on my website, but I'd rather make that information clear in the key itself.

Is it possible to do this? Or is the "standard way" to just create a completely separate identity and keyring for api@example.com?

IQAndreas

Posted 2014-09-05T17:23:25.737

Reputation: 2 317

Answers

2

No, this is not possible; there is no solution specified and I don't know of any clients supporting anything implementation-specific or discussions on standardizing such a feature. Furthermore, most implementations don't even allow manually selecting a subkey to encrypt to (so you can't even tell anybody to manually use a specific subkey; the newest one will be used).

I could imagine a solution using notations, and would also be grateful if one existed.

Jens Erat

Posted 2014-09-05T17:23:25.737

Reputation: 14 141

I suppose I could work around this by creating a separate master keypair with the other UIDs, and if I want to, the two keys can sign each other as ultimately trusted (since I own them both). – IQAndreas – 2014-09-22T02:13:05.257