Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Is there a way to have your master identity key offline and delegate even certifications (signing other people's keys) to a subkey?

To be honest, signing other people's keys is one of the _more_ frequent activities I do with PGP, and I'd rather be able to independently revoke that key without tossing my identity.



The Debian Wiki might have a similar use case here: https://wiki.debian.org/subkeys

Have a look if that helps you!


You need an air-gapped computer. An old (circa 2000 or so) laptop running some unix-like is probably best.

I'm involved in a project to produce a cheap hardware widget to make this kind of thing easier (http://cryptome.org/2013/10/bitcoin-usb-gpg.htm) but it is not yet in production.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: