[plug] GPG on different machines

Christian christian at amnet.net.au
Mon Jul 31 16:38:21 WST 2000


On Sun, Jul 30, 2000 at 09:25:50PM -0400, Subba Rao wrote:
> 
> I have installed GNU PG on 2 different machines. The different user accounts on these
> machines are identical. Very likely, I plan to have 2 sets of keys for each user account,
> one for each machine. Are there any good practices regarding the number of keys a user
> may have?

It sounds a little odd to have separate keys for separate accounts but,
assuming you know what you are doing, there are plenty of valid uses for
this.  A user can have as many keys as he/she likes really although for
each key pair you have, it becomes increasingly harder to manage them
(separate 30+ passphrases PER KEY, differing identities etc.)

Still, I recommend you have separate keys for signing and encrypting;
because signing and encrypting are the inverse of one another it's good
to keep the two separate.  It's probably good to have a DSA key since it
is the official standard and all that but you may not want to sign any
long-term, important documents with it given it has a maximum modulus
length of 1024 bits.  ElGamal under GNUPG is quite happy up to 2048
which is probably more than most people will need for a long while.  My
advice is two separate keys for signing and encrypting of 1024 bits and,
if you are going to possibly receive highly valuable/confidential
messages and/or sign long-term, important documents then it may be worth
generating a 2048 bit set of signing and encrypting key pairs.

> Once the keys are generated, where do I keep the public key? Is there a public
> server for the GPG public keys?

It depends.  Some people advise not to publicise your public key since,
under some laws in some countries, anything done with a registered key
owned by you is legally binding.  On the other hand, I don't think the
laws are quite as advanced here and, if you're careful with how you use
the software then there isn't really a problem.  There are several key
servers you can register your keys at but the most popular seems to be
keyserver.net.  Make sure you read all about how it works before you
register and, if you go ahead, make sure your keys have a reasonable
expiry date on them (e.g., < 2 years).

Regards,

Christian.
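
One way to check a keyring against two suggestions in the reply above (separate keys for signing and encrypting, and an expiry under two years), as an added example that is not part of the original message. It parses the colon-separated listing printed by `gpg --list-keys --with-colons`; the sample listing, the key IDs and the `audit` function are constructed for illustration, and dates are assumed to be printed as epoch seconds.

```python
# Added example: audit a GnuPG key listing for expiry and sign/encrypt separation.
# Input layout is that of `gpg --list-keys --with-colons`. Fields used (1-based):
# 1=record type, 5=key ID, 6=creation date, 7=expiry date, 12=capabilities.

MAX_LIFETIME_DAYS = 2 * 365  # the "< 2 years" suggestion from the message

# Constructed sample (made-up key IDs and dates), not output from a real keyring.
SAMPLE = """\
pub:u:1024:17:AAAAAAAAAAAAAAA1:965000000:1028000000::u:::scSC:
uid:u::::965000000::HASH::Constructed User <user@example.org>:
sub:u:2048:16:AAAAAAAAAAAAAAA2:965000000:1028000000:::::e:
pub:u:1024:1:BBBBBBBBBBBBBBB1:965000000:::u:::escESC:
"""


def audit(colon_listing):
    """Return a list of (key_id, finding) tuples for pub/sub records."""
    findings = []
    for line in colon_listing.splitlines():
        fields = line.split(":")
        if fields[0] not in ("pub", "sub") or len(fields) < 12:
            continue  # skip uid, fpr and other record types
        key_id, created, expires, caps = fields[4], fields[5], fields[6], fields[11]

        if not expires:
            findings.append((key_id, "no-expiry"))
        elif created.isdigit() and expires.isdigit():
            # Assumption: epoch-second dates; other date formats are not checked.
            lifetime_days = (int(expires) - int(created)) / 86400
            if lifetime_days >= MAX_LIFETIME_DAYS:
                findings.append((key_id, "lifetime>=2y"))

        # Lowercase letters describe this key itself; the uppercase letters on
        # a pub record summarise the whole key including its subkeys.
        if "s" in caps and "e" in caps:
            findings.append((key_id, "sign+encrypt-same-key"))
    return findings


if __name__ == "__main__":
    for key_id, finding in audit(SAMPLE):
        print(key_id, finding)
```
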


