Secure and privacy sensitive key hierarchy, how to manage different identities.
Hi,
I have been crawling the web for about two hours now and can't believe that I haven't found an answer to this question yet, because this issue should be crucial, I think.
So, I have used GPG for seven years now, but recently I stumbled upon an article (didn't find it again) about a pretty straightforward key hierarchy the author applied. Having read that, I wanted to set up my own really secure and privacy-aware GPG key structure. What I want to achieve is:
- To have a very secure offline master key (that's simple and documented a lot on the web).
- To have subkeys that are signed by the master (still simple).
- To have a subkey for each purpose that just reveals the private information I want to reveal for this purpose.
- These subkeys shouldn't be identifiable as being connected with the master key, so that I am able to decide whether to reveal the information that subkey A/identity A and subkey B/identity B are both me. Both identities should be strictly separated from each other.
So, I would like to be able to sign with my real name or sign with a pseudonym when wished. It should not be possible for others to make a connection between these identities.
Thank you a lot for hints, help and opinions!
Alex.
Support Staff 1 Posted by Luke Le on 28 Aug, 2012 03:17 PM
Hi Alex,
I think this might be the blog post you're looking for.
It seems to describe a scenario similar to the one you're trying to set up.
http://blog.dest-unreach.be/wp-content/uploads/2009/04/pgp-subkeys....
Hope that helps.
2 Posted by Alex on 28 Aug, 2012 08:32 PM
Thank you for your answer,
it's a bit late and I just read through it one time, will read again tomorrow. The author didn't really mention several identities though, would this be a side effect of his approach he just didn't care about?
Thanks,
Alex.
Support Staff 3 Posted by Steve on 23 Sep, 2012 02:45 PM
You can only separate identities when using different master keys. Otherwise it will most likely be possible to make connections between UserIDs.
You might want to:
- Create several keys (optionally with several UIDs)
- then sign all those keys with the one offline master key
That way all those keys are signed by one key but you can't prove that they are owned by a single person.
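An added example, not part of the thread: a self-audit to run on your own public keys before publishing them. It reads `gpg --list-sigs --with-colons` output and reports which user IDs sit on the same primary key and which separate keys carry a certification from the same signer. The sample listing, key IDs and the function name `audit` are constructed for illustration.

```python
from collections import defaultdict

# Constructed `gpg --list-sigs --with-colons` output; every key ID is made up.
# Key 1111... carries two user IDs. Keys 2222... and 3333... are separate
# primary keys, each certified by the same signer 9999...
SAMPLE = """\
pub:u:4096:1:1111111111111111:1346112000:::u:::scESC:
uid:u::::1346112000::H1::Real Name <real@example.org>:
sig:::1:1111111111111111:1346112000::::Real Name <real@example.org>:13x:
uid:u::::1346112000::H2::Pseudonym <nym@example.org>:
sig:::1:1111111111111111:1346112000::::Real Name <real@example.org>:13x:
sub:u:2048:1:4444444444444444:1346112000::::::s:
sig:::1:1111111111111111:1346112000::::Real Name <real@example.org>:18x:
pub:u:4096:1:2222222222222222:1346112000:::u:::scESC:
uid:u::::1346112000::H3::Real Name <real@example.org>:
sig:::1:2222222222222222:1346112000::::Real Name <real@example.org>:13x:
sig:::1:9999999999999999:1346200000::::[User ID not found]:10x:
pub:u:4096:1:3333333333333333:1346112000:::u:::scESC:
uid:u::::1346112000::H4::Pseudonym <nym@example.org>:
sig:::1:3333333333333333:1346112000::::Pseudonym <nym@example.org>:13x:
sig:::1:9999999999999999:1346200000::::[User ID not found]:10x:
"""

def audit(listing):
    """Return (user IDs per primary key, signers that certified several keys)."""
    uids = defaultdict(list)      # primary key ID -> user IDs bound to it
    certified = defaultdict(set)  # signer key ID -> primary keys it certified
    primary, in_uid = None, False
    for line in listing.splitlines():
        f = line.split(":")
        if len(f) < 10:
            continue              # blank or unrelated line
        if f[0] == "pub":         # field 5 is the primary key ID
            primary, in_uid = f[4], False
        elif f[0] == "uid":       # field 10 is the user ID string
            uids[primary].append(f[9])
            in_uid = True
        elif f[0] == "sub":       # sigs that follow are subkey bindings
            in_uid = False
        elif f[0] == "sig" and in_uid and f[4] != primary:
            certified[f[4]].add(primary)  # third-party certification
    shared = {s: keys for s, keys in certified.items() if len(keys) > 1}
    return dict(uids), shared

if __name__ == "__main__":
    by_key, shared = audit(SAMPLE)
    for key, names in by_key.items():
        print(key, "->", names)
    for signer, keys in shared.items():
        print("signer", signer, "certified", sorted(keys))
```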
Support Staff 4 Posted by Luke Le on 09 Oct, 2012 09:30 PM
Closing due to inactivity.
Please feel free to re-open.
Luke Le closed this discussion on 09 Oct, 2012 09:30 PM.