ietf-openpgp

Re: "Roles" for subkeys?!

2009-02-01 13:32:29
Hi Daniel.

On Sun, 2009-02-01 at 18:49 +0100, Daniel A. Nagy wrote:
> As far as I know, this is the primary use case for subkeys. I have a different
> signature subkey on every computer that I use and the same encryption subkey.
> The primary key is not installed anywhere.

That's what I do, but additionally I have multiple encryption subkeys.


> I think that having different encryption subkeys is pointless.

Why? If I'd only have one single encryption subkey and if I'd store it
(including the private key) at work, Klaus, our evil sysadmin (just
kidding ;) ), would not only be able to read my business mail, but also
encrypted data sent to my home address. Or am I messing something up?

> While it is not
> in the standard (maybe it should), all OpenPGP implementations encrypt to the
> most recent valid encryption subkey.

I think that's the default (even with signing subkeys)... but e.g. in
gnupg you can simply specify the key you want to use, if I recall
correctly.


> > 2. When I make signatures with my different subkeys, I'd like
> > people to see it when I used my not-so-secure work signing subkey (perhaps
> > something that the user agent adds like <User ID> + "(this is my
> > insecure work signing key)").
>
> Not a bad idea. I think using the user id with your work email address in the
> corresponding subpacket would accomplish this.

Yes, but this wouldn't tell anybody which subkey to use in case of
encryption or to expect in case of signing.


Regards,
-- 
Christoph Anton Mitterer
Ludwig-Maximilians-Universität München

christoph(_dot_)anton(_dot_)mitterer(_at_)physik(_dot_)uni-muenchen(_dot_)de
mail(_at_)christoph(_dot_)anton(_dot_)mitterer(_dot_)name
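
Added example, not part of the original message and not code from any OpenPGP implementation: a small Python model of the selection behaviour discussed in this message (encrypt to the newest valid encryption-capable subkey unless the sender names one explicitly). The `Subkey` record, the key IDs and the timestamps are constructed assumptions.

```python
from dataclasses import dataclass, replace
from typing import Optional

# OpenPGP key flags 0x04 (encrypt communications) and 0x08 (encrypt storage)
ENCRYPT_FLAGS = frozenset({"encrypt_comms", "encrypt_storage"})

@dataclass(frozen=True)
class Subkey:
    key_id: str                    # constructed placeholder, not a real key ID
    created: int                   # Unix time of the subkey
    flags: frozenset               # capabilities from the binding signature
    expires: Optional[int] = None  # absolute expiry time, None = never
    revoked: bool = False

    def usable_for_encryption(self, now: int) -> bool:
        if self.revoked or not (self.flags & ENCRYPT_FLAGS):
            return False
        if self.created > now:
            return False
        return self.expires is None or now < self.expires

def pick_encryption_subkey(subkeys, now, forced_id=None):
    """Return the subkey a sender would encrypt to, or None if none is usable."""
    usable = [k for k in subkeys if k.usable_for_encryption(now)]
    if forced_id is not None:
        # Sender names one subkey explicitly; the default policy is bypassed.
        return next((k for k in usable if k.key_id == forced_id), None)
    return max(usable, key=lambda k: k.created, default=None)

# Constructed sample key: one encryption subkey per location, as in the message.
NOW = 1233500000  # roughly 2009-02-01
SUBKEYS = [
    Subkey("HOME-ENC", 1199145600, frozenset({"encrypt_comms"})),
    Subkey("WORK-ENC", 1212278400, frozenset({"encrypt_comms"})),
    Subkey("OLD-ENC", 1231000000, frozenset({"encrypt_comms"}), expires=1232000000),
    Subkey("WORK-SIG", 1230768000, frozenset({"sign"})),
]

def without_work_key():
    """Same key with the work encryption subkey revoked."""
    return [replace(k, revoked=True) if k.key_id == "WORK-ENC" else k
            for k in SUBKEYS]

if __name__ == "__main__":
    print(pick_encryption_subkey(SUBKEYS, NOW).key_id)              # default choice
    print(pick_encryption_subkey(SUBKEYS, NOW, "HOME-ENC").key_id)  # explicit choice
```

With the default policy every sender ends up on the work subkey simply because it is newer, which is the gap the message points out: nothing in the key tells a correspondent which subkey is meant for which context.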
