Especially for functional (role) mail addresses, people often share secret keys. As there is no easy way to do this the sane way (i.e. to share only the subkeys and keep the secret primary key private), many people share the whole key, primary key included.
To make the seemingly inevitable sharing of secret keys more secure, we want to introduce a simple Create Team Key action (the "Role Key" described below).
//Implementation//
Add a file menu item "New OpenPGP Role Key Pair..." after the "New OpenPGP Key Pair..." entry.
This just calls the default key creation dialog with an option to generate a "Role Key".
A certificate whose primary key has only the "certify" capability, plus separate signing and encryption subkeys, is generated.
After generation the user is offered a "Share Secret Role Key..." action.
"Save Secret Role Key..." is also a menu entry after "File"->"Export...".
This menu entry is only available if the primary key has only the capability "certify": only then can the secret primary key be withheld without taking away a capability the recipients need.
The function could be a specialized version of the "Backup Secret Keys..." function.
Choosing this function offers an option/question "Export signing subkey?".
If "yes", this function exports the
- public certify primary key
- secret and public encryption subkeys
- **secret and public signing subkeys**
- user-IDs + certifications
If "no", this function exports the
- public certify primary key
- secret and public encryption subkeys
- **public signing subkeys**
- user-IDs + certifications
In both cases the secret primary key stays with the creator, who therefore remains the only one able to certify, to add, revoke or re-expire subkeys, and to change user-IDs; recipients of the "no" variant can decrypt mail sent to the role but cannot sign on its behalf. The exported secret subkeys should be passphrase-protected, with the passphrase passed on separately from the file.
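What the proposed role key and its two sharing variants come down to in gpg terms, as an added example (not Kleopatra or GnuPG project code): a certify-only primary with separate signing and encryption subkeys is created, the public certificate is exported together with either all secret subkeys or only the secret encryption subkey, and a recipient's keyring is inspected to confirm which secret parts arrived. The export relies on two gpg behaviours: `--export-secret-subkeys` never writes the secret primary key (it is replaced by a stub), and a key ID suffixed with `!` restricts the export to that one subkey. Assumptions: GnuPG 2.2 or newer, a POSIX shell with awk and mktemp, the helper names (`gpg_in`, `make_role_key`, `export_role_key`, `secret_state`, `share_and_check`) and the user ID `Support Role <support@example.org>` are constructed for this example, and the demo key deliberately has an empty passphrase so that nothing prompts.

```shell
#!/bin/sh
# Added example, not Kleopatra/GnuPG project code: role-key creation and the
# "with/without secret signing subkey" exports done with gpg. Assumes GnuPG 2.2+.
set -eu

# Run gpg against a given homedir non-interactively. The demo key gets an empty
# passphrase so that nothing prompts; a real role key must carry a passphrase.
gpg_in() { h=$1; shift; gpg --homedir "$h" --batch --pinentry-mode loopback --passphrase '' "$@"; }

# Fingerprint (field 10 of the fpr record that follows the pub record).
primary_fpr() {
  gpg_in "$1" --with-colons --list-keys 2>/dev/null |
    awk -F: '$1=="pub"{want=1} $1=="fpr" && want {print $10; exit}'
}

# Long key ID (field 5) of the first subkey whose own capabilities (field 12,
# lowercase letters) contain $2, e.g. "e" for the encryption subkey.
subkey_id() {
  gpg_in "$1" --with-colons --list-keys 2>/dev/null |
    awk -F: -v cap="$2" '$1=="sub" && index($12, cap) {print $5; exit}'
}

# Create the role key: certify-only primary, then a signing and an encryption
# subkey, the layout the proposal generates. Prints the primary fingerprint.
make_role_key() {   # $1 = homedir, $2 = user ID
  gpg_in "$1" --quick-generate-key "$2" ed25519 cert never >/dev/null 2>&1
  fpr=$(primary_fpr "$1")
  gpg_in "$1" --quick-add-key "$fpr" ed25519 sign never >/dev/null 2>&1
  gpg_in "$1" --quick-add-key "$fpr" cv25519 encr never >/dev/null 2>&1
  echo "$fpr"
}

# Build the file handed to the team. --export gives the public certificate
# (primary, all public subkeys, user IDs, certifications). --export-secret-subkeys
# never includes the secret primary key (a stub takes its place). "yes" exports
# every secret subkey; "no" restricts the secret export, via the encryption
# subkey's key ID plus "!", to that one subkey.
export_role_key() { # $1 = homedir, $2 = primary fpr, $3 = yes|no, $4 = output file
  if [ "$3" = yes ]; then spec=$2; else spec="$(subkey_id "$1" e)!"; fi
  { gpg_in "$1" --export "$2"; gpg_in "$1" --export-secret-subkeys "$spec"; } > "$4" 2>/dev/null
}

# On the recipient side: is the secret part of the key with own capability $2
# (c, s or e) present, or only a stub ('#' in field 15 of the secret listing)?
secret_state() {    # $1 = homedir, $2 = capability letter
  gpg_in "$1" --with-colons --list-secret-keys 2>/dev/null |
    awk -F: -v cap="$2" '($1=="sec" || $1=="ssb") && index($12, cap) {print ($15=="#" ? "stub" : "present"); exit}'
}

# End to end: the creator makes the key and exports it with ($1 = yes) or
# without ($1 = no) the secret signing subkey; a team member imports the file.
# Prints which secret parts the member ended up with.
share_and_check() { # $1 = yes|no
  tmp=$(mktemp -d); owner=$tmp/owner; member=$tmp/member
  mkdir -m 700 "$owner" "$member"
  fpr=$(make_role_key "$owner" "Support Role <support@example.org>")   # constructed user ID
  export_role_key "$owner" "$fpr" "$1" "$tmp/role.gpg"
  gpg_in "$member" --import "$tmp/role.gpg" >/dev/null 2>&1
  echo "primary=$(secret_state "$member" c) sign=$(secret_state "$member" s) encr=$(secret_state "$member" e)"
  gpgconf --homedir "$owner" --kill gpg-agent 2>/dev/null || true
  gpgconf --homedir "$member" --kill gpg-agent 2>/dev/null || true
  rm -rf "$tmp"
}

if command -v gpg >/dev/null 2>&1; then
  share_and_check yes   # primary=stub sign=present encr=present
  share_and_check no    # primary=stub sign=stub encr=present
fi
```

In both runs the member's listing shows the primary as a stub (`sec#`), so revocation, subkey rotation and user-ID changes stay with the creator; the "no" run additionally leaves the signing subkey as a stub while the public signing subkey (from the `--export` part of the file) is still present for verifying the role's signatures.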