How to create a GPG key with subkeys

I wanted to create a GPG key – so far so good. The problem is that I also wanted to use GPG on multiple devices, ideally even on my phone. I could have – in theory – copied the key over to all the needed machines, but that would have been a terrible idea. What if I lose my phone/laptop? My key would be compromised and I’d be left with no other choice than revoking it and losing all the previous signatures.

That’s when subkeys come in.

Subkeys are almost identical to normal key pairs, except they can’t be used for signing other people’s keys, they’re bound to a master key pair, and – here comes the interesting part! – they can be revoked independently from the master key.

So, in practical terms, they allow me to do the following: create a master key pair, create a subkey pair, remove the master key from my laptop, store it in a safe place, move on with my encrypting/decrypting life as usual. If catastrophe strikes, I retrieve my master key from its safe place, revoke the subkey, create a new subkey pair and I’m ready to go – and since each link of the Web of Trust is connected to the UID of the master key, my reputation stays untouched.

The only problem with this whole workflow is that it requires a bunch of steps and I have a tendency to forget them pretty quickly. So, for the sake of my future self (or anyone else who might find them useful), here is the whole process.

https://railslide.io/create-gpg-key-with-subkeys.html
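
As an added example (not the author's code and not taken from the linked post), here is the workflow described above run in a throwaway keyring with GnuPG 2.1 or later, together with a check that the master secret key is really gone from the working keyring. The user ID, file names, empty passphrase and function names are assumptions for the demo, and the sample listing is constructed.

```bash
#!/usr/bin/env bash
# Added example; user ID, file names and the empty passphrase are demo assumptions.

# Constructed sample of `gpg --list-secret-keys --with-colons` after the master
# secret key has been removed (field 15 of the sec record is "#").
SAMPLE='sec:u:255:22:1111111111111111:1700000000:::u:::cC:::#:::23::0:
ssb:u:255:22:2222222222222222:1700000000:1731536000:::::s:::+:::23:
ssb:u:255:18:3333333333333333:1700000000:1731536000:::::e:::+:::23:'

# Prints "type keyid capabilities state" for each secret key record on stdin.
# Field 15: "#" = stub only, "+" or empty = secret on disk, else a card serial.
secret_key_report() {
  awk -F: '$1 == "sec" || $1 == "ssb" {
    state = ($15 == "#") ? "stub" : (($15 == "+" || $15 == "") ? "on-disk" : "card")
    if ($2 == "r") state = state ",revoked"
    print $1, $5, $12, state
  }'
}

# Exit 0 only if the master (sec) secret is not on disk and a usable subkey is.
master_is_offline() {
  secret_key_report | awk '
    $1 == "sec" && $4 ~ /^on-disk/ { exposed = 1 }
    $1 == "ssb" && $4 == "on-disk" { usable = 1 }
    END { exit !(usable && !exposed) }'
}

# The workflow itself, in a throwaway keyring (needs GnuPG 2.1+).
demo() {
  export GNUPGHOME; GNUPGHOME=$(mktemp -d)
  g() { gpg --batch --pinentry-mode loopback --passphrase '' "$@"; }
  g --quick-generate-key 'Demo User <demo@example.invalid>' ed25519 cert never
  fpr=$(gpg --list-keys --with-colons | awk -F: '$1 == "fpr" { print $10; exit }')
  g --quick-add-key "$fpr" ed25519 sign 1y     # signing subkey
  g --quick-add-key "$fpr" cv25519 encr 1y     # encryption subkey
  g --armor --export-secret-keys "$fpr" > "$GNUPGHOME/master-backup.asc"  # to the safe place
  g --armor --export-secret-subkeys "$fpr" > "$GNUPGHOME/subkeys.asc"
  g --yes --delete-secret-keys "$fpr"          # removes master and subkey secrets
  g --import "$GNUPGHOME/subkeys.asc"          # bring back the subkey secrets only
  gpg --list-secret-keys --with-colons | master_is_offline && echo "master key is offline"
}

printf '%s\n' "$SAMPLE" | secret_key_report
if [ "${1:-}" = "--demo" ]; then demo; fi
```

Run the script with `--demo` to execute the gpg steps; for a real key, set a passphrase and move the master backup off the machine before relying on the check.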
