Re: Does the Debian gpg key infrastructure support multiple sub-keys?

[Henrique de Moraes Holschuh <hmh@debian.org>]

On Fri, 22 Oct 2004, Rob Browning wrote:
> If I added a new sign/encrypt sub-key to my Debian key, would I be
> able to use that to sign and upload packages?  Would the Debian

Yes, mostly.  Some stuff (db.d.o and vote.d.o come to mind, but I am not
sure about that) require you to always sign using the master key.  gpg lets
you do that, so it is not a problem.  The archive tools don't care and will
use subkeys happly, as they should (either that, or debsign is being quite
ingenuous and telling gpg to always use the master key :-) thus I never
noticed any problems).

> keyserver and the Debian upload infrastructure be able to handle it?

Yes, without any problems.

> If not, would I at least be able to add the sub-key for non-Debian
> uses without causing trouble with the Debian infrastructure?

The subkeys cause no problems in Debian.  But make sure to never let the
master key expire, and to upload a new subkey to keyring.d.o a few _months_
before all of your subkeys expire...

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh