[ubuntu-uk] Sharing PGP Keys

Ciaran Mooney general.mooney at googlemail.com
Wed Jan 21 10:24:10 GMT 2009


> Both computers are laptops, but I am the sole user for both. One is my
> personal laptop, the other is for work.

If you hand the laptop back at any point then I would scrub the hard
drive thoroughly. But as long as you trust both computers then it
should be fine. PGP is all about trust.

> Would I be better setting up a 'personal' key and a 'work' key (in your
> opinion)?

It all depends on how much you come to rely on either key. If your
"work" key becomes the de-facto key for authenticating yourself then
it becomes more important to protect it.

You can always revoke keys that you feel have been compromised by
using the revocation certificate that you (should have) created when
you generated the keys.

As before, if you trust both machines, and are paranoid about the
whereabouts and programs on both, then the need for two keys becomes
moot.

> That option only allows you to export your public key, so as I understand it I wouldn't
> be able to then use it on the second laptop to sign or encrypt?

You want to encrypt with your public key, because only the private key
will decrypt it. You want to sign files with your private key, because
only the public key is available to everyone to authenticate the
signature.

If both machines are Linux based then copying ~/.gnupg should suffice.
(I think...)

Ciarán
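
Added example, not part of the original message: a sketch of moving a key pair between two machines by export and import rather than copying ~/.gnupg, then checking that the second keyring can sign and the first can verify. It assumes GnuPG 2.1 or later; the two temporary homedirs stand in for the two laptops, and the user ID, file names and function names are constructed for the demo.

```bash
#!/usr/bin/env bash
# Added example: carry a private key from one keyring to another and prove
# the copy can sign. Both "laptops" are throwaway homedirs; the key is constructed.

# Print the fingerprint of the first secret key in keyring $1 (empty if none).
secret_fpr() {
    gpg --homedir "$1" --batch --with-colons --list-secret-keys 2>/dev/null |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

# Return 0 when the key exported from keyring A is usable for signing in keyring B.
migrate_key_demo() {
    local a b work fpr_a fpr_b rc=1
    a=$(mktemp -d) && b=$(mktemp -d) && work=$(mktemp -d) || return 1
    # Empty passphrase is for the unattended demo only; protect real keys.
    set -- --batch --quiet --pinentry-mode loopback --passphrase ''

    # "Personal laptop" (A): generate the demo key pair.
    gpg --homedir "$a" "$@" --quick-generate-key \
        'Demo User <demo@example.invalid>' default default never 2>/dev/null
    fpr_a=$(secret_fpr "$a")

    # A public-key export is not enough to sign; export the secret key as well.
    gpg --homedir "$a" "$@" --armor --output "$work/secret.asc" \
        --export-secret-keys "$fpr_a" 2>/dev/null

    # "Work laptop" (B): import. Owner trust is not part of this export.
    gpg --homedir "$b" "$@" --import "$work/secret.asc" 2>/dev/null
    fpr_b=$(secret_fpr "$b")

    # Sign on B with the private key, verify on A with the public key.
    echo 'constructed test message' > "$work/msg.txt"
    if [ -n "$fpr_a" ] && [ "$fpr_a" = "$fpr_b" ] &&
        gpg --homedir "$b" "$@" --output "$work/msg.sig" \
            --detach-sign "$work/msg.txt" 2>/dev/null &&
        gpg --homedir "$a" --batch --verify "$work/msg.sig" "$work/msg.txt" 2>/dev/null
    then
        rc=0
    fi

    # Stop the per-homedir agents, then destroy the exported secret and both keyrings.
    gpgconf --homedir "$a" --kill gpg-agent 2>/dev/null
    gpgconf --homedir "$b" --kill gpg-agent 2>/dev/null
    rm -rf "$a" "$b" "$work"
    return "$rc"
}
```

Call `migrate_key_demo` after sourcing the file; with a real key the exported secret.asc is as sensitive as ~/.gnupg itself and should be removed from any transfer medium once imported.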


