Mailinglist Archive: opensuse-security (69 mails)

PGP key implementation question
  • From: HG <hg.list@xxxxxxxxx>
  • Date: Tue, 10 Oct 2006 08:51:30 +0300
  • Message-id: <6f133dde0610092251x16a45705vfa845d1d814b14d9@xxxxxxxxxxxxxx>
Hello!

Sorry, this is not quite the right place, but as I previously got good
answers about the PGP servers from you guys, I thought that maybe
somebody could help me again.
(Plus I tried to subscribe to the PGP mailing list, but either it's
down as nothing happened or completely gone as the website was not
found...)

Ok, rolling out PGP at a small company. This is what I'm thinking.
1) Master signing key that is used to sign every key
- Not uploaded to keyservers, just on the https-page with fingerprints and all
- No encryption key
- No email
- My key added as revocation key
Q: should I sign this?
Q: if https-page is not available (from our IT), should I then sign
this (my key will be uploaded to the key servers)?
Q: should the global revocation key be added also?
2) Global revocation key (Only use is to revoke other keys)
- Signed by the master key
Q: Does this need the encryption key, or should I delete it also?
Q: If it needs, then it needs an email address also?
Q: Should this be uploaded to the key server?
3) ADK
- Not uploaded to keyservers
- Signed by the master key
- AFAIK, needs an encryption key and therefore an email address?
- Will be split later on (when I learn that stuff)
4) Individual email keys
- Global revocation key as the revoking key
- ADK added as the ADK key
- Signed by the master key
- added to the key servers

How does this sound?


--
HG.
