Web lists-archives.com

Re: Syncing GnuPG between 2 system




Jim Popovitch wrote:

> On Sat, 2018-09-29 at 09:50 -0400, Roberto C. Sánchez wrote:
>> If all you care about is the public keys for verifying signatures,
>> then I say don't bother trying to proactively sync.  Just let each
>> system get keys and key updates from the public keyservers as needed.
> 
> OK, that makes sense, and seems to be the popular opinion.
> 
>> Your original message seemed to inidicate that you wanted to both
>> verify signatures and also produce signatures on multiple
>> machines.  That was why I provided the link to the article on subkeys,
>> as I consider that to be the only sensible way to have signing
>> capabilities on multitple devices related to a single GnuPG
>> key.  Perhaps I misread your email in that regard.
> 
> 
> You read my email correctly.  I did quickly read and have bookmarked
> your link.  Thank you for that.
> 

IMO you sign based on the e-mail you use. IMO it is confusing with multiple
machines. A key is associated with identity -> the email.
With the sub keys you can add more identities. 
Still to encrypt you need the private key. It is sufficient to update the
private key on the other machines. You usually do not copy it over internet
connection. Some people use secure key cards, other encrypted usb sticks or
md/sd whatever cards.

the public keys are uploaded to the key server after updated (for example
signed by you) and downloaded/updated on the other machines when needed.

It is up to you to decide how you handle your security. It is a sensitive
topic, so general reading and understanding of the matter is required,
before proceeding in real life.

regards