Should I use a gpg subkey for work (not so secure) environment?



I'm trying to use gpg to encrypt and sign messages, but I use different computers (desktop, notebook, office) so I'm not sure how to manage private keys in those environments.

Should I use a copy of the private key in each computer or may be I have to use different sub-keys for each environment. Is that even possible/recommended?


Should I use --export-secret-subkeys to export my private key to my work environment without compromising the master key? Can I use a different pass-phrase for the differnt keys/environments?


Posted 2014-09-30T13:00:31.190

Reputation: 403



You PGP key actually contains more than just the master key (used to sign other keys and your own subkeys, and what actually is signed by other users): one subkey for signing messages (optional, usually is the master key itself, but not necessarily) and one for encrypting content. More info on the Debian Wiki and on the GNU Privacy Handbook.

So... You could keep your master key only on a secure device, allowing you to exchange your signing and encryption keys without your peers having to verify and sign new keys. By keeping your master key safely stored, you could have a more vigorous key rotation policy without creating too much work for others. Also, in the even of a suspected or confirmed leek of subkey secret material, you could revoke them without much hassle.

I personally use a two subkey setup (also check this question), not only to keep the master key reasonably secure, but also because I use different key sizes: the master key has 4096 bits, the signing and encryption subkeys have only 3072 bits.

On the other hand, if the environments don't overlap much, it would be best to use completely different PGP keys, greatly minimizing the damage from any possible vulnerability.

Additionally, you could (should) use very long random passphrases for you keys on the least secure devices.

Jonas Malaco

Posted 2014-09-30T13:00:31.190

Reputation: 359


There is no way to attach a subkey to a specific user ID. There is not even a way to define any preferences on which subkeys others should use for encryption; most implementations will just use the newest one.

If you want to sign only, using multiple subkeys is fine (if there only is a single signing subkey, this one will be chosen). If you want to receive encrypted mail,

  • either use a single encryption (sub)key which you will exchange if needed (exchanging subkeys is cheap and easy) or
  • use multiple primary keys for different places/"roles", for example private and work.

Jens Erat

Posted 2014-09-30T13:00:31.190

Reputation: 14 141