Edit 2025-06-17: changed the terms according to meeting results
Especially for functional mail addresses, people often share secret keys. As there is no easy way to do this the sane way (i.e. share only subkeys), a lot of people share the whole key.
To make the seemingly inevitable sharing of secret keys more secure, we want to introduce a simple Create Team Key action.
Implementation
Add a file menu item "New OpenPGP Team Key Pair..." after the "New OpenPGP Key Pair ..." entry.
This just calls the default key creation dialog with an option to generate a "Team Key".
A certificate with separate "certify" and "sign" and encryption subkeys is generated.
After generation, the user is offered the option to "Share Secret Team Key ...".
"Save Secret Team Key..." is also a menu entry after "File"->"Export...".
Tooltip: "Save this secret key to share with other team members."
The menu entry is only available if the primary key has only the capability "certify".
The function is a specialized version of the "Backup Secret Keys..." function.
Choosing this function will open a dialog:
    The following subkeys will be saved to a file. This file can be shared
    with team members who need to be able to read messages that are
    encrypted for that key.

    * All public subkeys
    * Secret encryption subkey
    [ ] Secret signing subkey

    Please choose whether team members should be allowed to sign messages
    using the team key. Alternatively, they can use their personal key to sign.

    [OK] [Cancel]
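
As an added example (not part of this task description and not Kleopatra code), the following Python script checks the result from a team member's side: it reads the output of gpg --list-secret-keys --with-colons for one certificate and reports when more secret material is present than the dialog above lists. The listing in SAMPLE is constructed, and the function names audit_team_key and findings are hypothetical.

```python
# Added example, not Kleopatra code. Field numbers follow GnuPG's
# doc/DETAILS: field 12 = capabilities, field 15 = "#" for a secret-key stub.

# Constructed listing of a team key as a team member would see it after import.
SAMPLE = """\
sec:u:255:22:AAAAAAAAAAAAAAAA:1750000000:::u:::cESC:::#::ed25519:::0:
uid:u::::1750000000::0000::Team <team@example.org>::::::::::0:
ssb:u:255:18:BBBBBBBBBBBBBBBB:1750000000::::::e:::+::cv25519::
ssb:u:255:22:CCCCCCCCCCCCCCCC:1750000000::::::s:::#::ed25519::
"""


def audit_team_key(colon_listing):
    """Summarise which secret parts of one certificate are present."""
    audit = {"primary_caps": "", "primary_secret": False, "subkeys": []}
    for line in colon_listing.splitlines():
        f = line.split(":")
        if f[0] not in ("sec", "ssb") or len(f) < 15:
            continue
        # Lowercase letters are this key's own capabilities; uppercase
        # letters on the primary summarise the whole certificate.
        caps = "".join(sorted(c for c in f[11] if c.islower()))
        # Anything other than "#" is treated as secret material present,
        # so an unexpected value is reported rather than ignored.
        has_secret = f[14] != "#"
        if f[0] == "sec":
            audit["primary_caps"], audit["primary_secret"] = caps, has_secret
        else:
            audit["subkeys"].append((f[4], caps, has_secret))
    return audit


def findings(audit, signing_shared):
    """Compare the audit with what the dialog above says the file contains."""
    problems = []
    if audit["primary_caps"] != "c":
        problems.append("primary key is not certify-only")
    if audit["primary_secret"]:
        problems.append("secret certify key is present")
    if not any("e" in caps and sec for _, caps, sec in audit["subkeys"]):
        problems.append("no secret encryption subkey")
    if not signing_shared and any("s" in caps and sec for _, caps, sec in audit["subkeys"]):
        problems.append("secret signing subkey is present")
    return problems


if __name__ == "__main__":
    print(findings(audit_team_key(SAMPLE), signing_shared=False))
    # The whole key shared, as described at the top of the page:
    print(findings(audit_team_key(SAMPLE.replace("#", "+")), signing_shared=False))
```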