Best practices for dealing with OpenPGP subkeys #22

ralienpp · 2022-12-06T12:41:30Z

ralienpp
Dec 6, 2022

The subkey feature of OpenPGP compartmentalizes a system by associating multiple key-pairs with a "master" pair. Each pair can be revoked independently (i.e. when an employee leaves, or when a server was compromised).

Is such functionality exposed by SignServer? Or is it assumed that the with the use of HSMs, the keys are secure enough to make the concept of subkeys irrelevant?

ralienpp · 2023-04-17T14:32:18Z

ralienpp
Apr 17, 2023
Author

@KarolinHem can you confirm that this is not supported, even in the enterprise version?

I didn't find anything about it in the docs, nor did I see anything related to it by clicking around the web interface of the enterprise version. I presume this is not available so far, but I'd like to confirm that.

In the web-interface I see that master keys are marked as such, therefore I think it is not an unreasonable assumption that subkeys are also supported (if not in the web interface, perhaps by SSHing into the server?):

[excerpt from the worker properties]

   PGP Public key:
      Master key: true

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Best practices for dealing with OpenPGP subkeys #22

{{title}}

Replies: 1 comment

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Select a reply

Best practices for dealing with OpenPGP subkeys #22

ralienpp Dec 6, 2022

Replies: 1 comment

ralienpp Apr 17, 2023 Author

ralienpp
Dec 6, 2022

ralienpp
Apr 17, 2023
Author