Change Details

Especially for functional mail addresses people often share secret keys. As there is no easy way to do this the sane way (i.e. share only subkeys) a lot of people share the whole key. To make the seemingly inevitable sharing of secrets keys more secure, we want to introduce a simple Create Team Key action. //Implementation// Add a file menu item "New OpenPGP Role Key Pair..." after the "New OpenGPG Key Pair ..." entry. This just calls the default key creation dialog with an option to generate a "Role Key". A certificate with separate "certify" and "sign" and encryption subkeys is generated. After generation the user is offered to "Share Secret Role Key ...". "Save Secret Role Key..." is also a menu entry after "File"->"Export...". This menu entry is only available if the primary key has only the capability "certify". The function could be a specialized version of the "Backup Secret Keys..." function. Choosing this function offers an option/question "Export signing subkey?". If "yes", this function exports the - public certify primary key - secret and public encryption subkeys - **secret and public signing subkeys** - user-IDs + certifications If "no", this function exports the - public certify primary key - secret and public encryption subkeys - **public signing subkeys** - public certify primary key - user-IDs + certifications

Especially for functional mail addresses people often share secret keys. As there is no easy way to do this the sane way (i.e. share only subkeys) a lot of people share the whole key. To make the seemingly inevitable sharing of secrets keys more secure, we want to introduce a simple Create Team Key action. //Implementation// Add a file menu item "New OpenPGP Role Key Pair..." after the "New OpenGPG Key Pair ..." entry. This just calls the default key creation dialog with an option to generate a "Role Key". A certificate with separate "certify" and "sign" and encryption subkeys is generated. After generation the user is offered to "Share Secret Role Key ...". "Save Secret Role Key..." is also a menu entry after "File"->"Export...". This menu entry is only available if the primary key has only the capability "certify". The function could be a specialized version of the "Backup Secret Keys..." function. Choosing this function will open a dialog: ``` The following subkeys will be exported to a file. This file can be shared with team members who need to be able to open messages that are encrypted for that group. - all public subkeys - secret encryption subkey [ ] secret signing subkey Please choose if the team members shall be able to sign messages with the team key. They can sign messages with their personal private key instead. [OK] [Cancel] ```

Especially for functional mail addresses people often share secret keys. As there is no easy way to do this the sane way (i.e. share only subkeys) a lot of people share the whole key. To make the seemingly inevitable sharing of secrets keys more secure, we want to introduce a simple Create Team Key action. //Implementation// Add a file menu item "New OpenPGP Role Key Pair..." after the "New OpenGPG Key Pair ..." entry. This just calls the default key creation dialog with an option to generate a "Role Key". A certificate with separate "certify" and "sign" and encryption subkeys is generated. After generation the user is offered to "Share Secret Role Key ...". "Save Secret Role Key..." is also a menu entry after "File"->"Export...". This menu entry is only available if the primary key has only the capability "certify". The function could be a specialized version of the "Backup Secret Keys..." function. Choosing this function offers an option/question "Export signing subkey?". If "yes", this function exports the - public certify primary key - secret and public encryption subkeys - **secret and public signing subkeys**will open a dialog: ``` - user-IDs + certificationsThe following subkeys will be exported to a file. If "no", this function exports theThis file can be shared with team members who need to be able to open messages that are encrypted for that group. - all public subkeys - public certify primary key - secret encryption subkey -[ ] secret and public encryptionsigning subkeys - **public Please choose if the team members shall be able to signing subkeys** messages with the team key. - public certifyThey can sign messages with their personal primaryvate key instead. [OK] [Cancel] - user-IDs + certifications```