singpolyma / openpgp-php

OpenPGP.php is a pure-PHP implementation of the OpenPGP Message Format (RFC 4880).
http://singpolyma.github.io/openpgp-php/
The Unlicense

Add a keygen example with multiple UIDs and a separate encryption subkey #94

Closed jstanden closed 3 years ago

jstanden commented 4 years ago

This commit adds a new example to demonstrate how to generate a keypair with the recommended structure. The root secret key is signing only. It is used to sign multiple UIDs and an encryption-only subkey.

The current examples generate a root signing key without the encryption bit and without a subkey. There was a discussion in #40 about adding the encryption bit to the root key by passing in a signature packet. However, this is not the recommended structure.

This example could be used to generate a master signing key which is kept offline, with separate subkeys for signing and encryption (e.g. laptop keypair for daily use).

This may also potentially be important from a legal standpoint, since in some jurisdictions a person can be legally ordered to divulge their encryption key, but not the signing key that proves their identity (e.g. United Kingdom).

Subkeys also simplify key rotation and expiration.
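The key layout described in this PR, as an added example that is not part of the PR or of openpgp-php: a small Python checker that walks the packets of a dearmored OpenPGP key (RFC 4880) and reads the key-flags subpackets of its self-signatures to report whether the primary key is signing-only, how many user IDs it carries, and whether an encryption-capable subkey is bound to it. The packet bytes it runs on are constructed placeholders (not real key material) and it handles new-format packet headers only.

```python
import struct
KEY_FLAGS = 27                               # RFC 4880 5.2.3.21 key-flags subpacket type
CERTIFY, SIGN, ENCRYPT = 0x01, 0x02, 0x0C    # 0x0C = encrypt communications | encrypt storage
def _length(buf, i):  # new-format packet/subpacket length at buf[i] -> (length, next index)
    n = buf[i]
    if n < 192: return n, i + 1
    if n < 224: return ((n - 192) << 8) + buf[i + 1] + 192, i + 2
    if n == 255: return struct.unpack('>I', buf[i + 1:i + 5])[0], i + 5
    raise ValueError('partial-body lengths are not supported')
def packets(blob):
    """Yield (tag, body) for each new-format packet in a binary (dearmored) key."""
    i = 0
    while i < len(blob):
        if not blob[i] & 0x40: raise ValueError('old-format packet header not handled here')
        tag, (length, i) = blob[i] & 0x3F, _length(blob, i + 1)
        yield tag, blob[i:i + length]
        i += length
def key_flags(sig):
    """Return (signature type, key-flags octet) from the hashed area of a v4 signature body."""
    i, end = 6, 6 + struct.unpack('>H', sig[4:6])[0]
    while i < end:
        length, i = _length(sig, i)
        if sig[i] == KEY_FLAGS: return sig[1], sig[i + 1]
        i += length
    return sig[1], 0
def layout(blob):
    """Map 'primary' / 'subkeyN' to the flags asserted by its self-signatures; also count UIDs."""
    keys, uids, cur = {}, 0, None
    for tag, body in packets(blob):
        if tag in (5, 6): cur = 'primary'; keys[cur] = 0          # (secret) key packet
        elif tag in (7, 14): cur = 'subkey%d' % len(keys); keys[cur] = 0   # (secret) subkey packet
        elif tag == 13: uids += 1                                 # user ID packet
        elif tag == 2 and cur:                                    # signature packet
            stype, flags = key_flags(body)
            if stype in (0x10, 0x11, 0x12, 0x13, 0x18): keys[cur] |= flags   # UID certs, subkey binding
    return keys, uids
def recommended(blob):
    """Signing-only primary key, at least one UID, and an encryption-capable subkey."""
    keys, uids = layout(blob)
    primary = keys.get('primary', 0)
    return bool(uids and primary & (SIGN | CERTIFY) and not primary & ENCRYPT
                and any(f & ENCRYPT for k, f in keys.items() if k != 'primary'))
# Constructed sample packets (placeholders, not real key material): new-format header, 1-octet length.
def _pkt(tag, body): return bytes([0xC0 | tag, len(body)]) + body
def _sig(stype, flags):  # minimal v4 signature body: one hashed key-flags subpacket, dummy trailer
    return bytes([4, stype, 1, 8, 0, 3, 2, KEY_FLAGS, flags]) + b'\x00' * 6
DUMMY_KEY = b'\x04' + b'\x00' * 8   # placeholder key packet body; never parsed further
RECOMMENDED = (_pkt(5, DUMMY_KEY) + _pkt(13, b'Alice <alice@example.org>') + _pkt(2, _sig(0x13, SIGN | CERTIFY))
               + _pkt(13, b'Alice <alice@example.com>') + _pkt(2, _sig(0x13, SIGN | CERTIFY))
               + _pkt(7, DUMMY_KEY) + _pkt(2, _sig(0x18, ENCRYPT)))
```

`recommended(RECOMMENDED)` is true; a key whose root self-signature also carries the encryption flags, or that has no subkey at all, is rejected.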