Especially for functional mail addresses, people often share secret keys. As there is no easy way to do this the sane way (i.e. share only subkeys), a lot of people share the whole key.
To make the seemingly inevitable sharing of secret keys more secure, we want to introduce a simple Create Group/Team Key action.
//Implementation//
The group key creation dialog should ask what the intended usage is and, according to the feedback, create a primary key with only certification usage and a) one subkey each with usage encrypt and sign or b) one subkey with usage encrypt.
Add a file menu item "New OpenPGP Role Key Pair..." after the "New OpenPGP Key Pair ..." entry.
This just calls the default key creation dialog with an option to generate a "Role Key".
See link to internal wiki for info on possible usage scenarios.
A certificate with separate "certify" and "sign" and encryption subkeys is generated.
After generation the user is offered to "Share Secret Role Key ...".
After creation the export of the secret subkey(s) will be offered. Of course we need the special export function for group keys in the menu, too.
"Save Secret Role Key..." is also a menu entry after "File"->"Export...".
This menu entry is only available if the primary key has only the capability "certify".
The function could be a specialized version of the "Backup Secret Keys..." function.
Choosing this function offers an option/question "Export signing subkey?".
If "yes", this function exports the
- public certify primary key
- secret and public encryption subkeys
- **secret and public signing subkeys**
- user-IDs + certifications
If "no", this function exports the
- public certify primary key
- secret and public encryption subkeys
- **public signing subkeys**
- user-IDs + certifications
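
The menu rule and the two export variants above, sketched as an added example (not Kleopatra's code): it reads a constructed `gpg --with-colons` listing, applies the certify-only check, and picks the subkeys whose secret part gets exported. The function names and sample key IDs are assumptions, and mapping the choice onto `gpg --export-secret-subkeys` with `KEYID!` selectors is one possible approach, not something this task specifies.

```python
# Added example (not Kleopatra code): plan a role-key export from a
# `gpg --list-secret-keys --with-colons` listing.
SAMPLE = """\
sec:u:255:22:AAAAAAAAAAAAAAAA:1700000000:::u:::cESC:
uid:u::::1700000000::::Support Team <support@example.org>:
ssb:u:255:22:BBBBBBBBBBBBBBBB:1700000000::::::s:
ssb:u:255:18:CCCCCCCCCCCCCCCC:1700000000::::::e:
"""  # constructed listing, trimmed after field 12


def parse_keys(listing):
    """Return (primary, subkeys) as dicts with 'keyid' and 'caps'."""
    primary, subkeys = None, []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] in ("sec", "pub"):
            # Field 12: lowercase = this key's own capabilities; uppercase
            # letters describe the whole certificate and are ignored here.
            primary = {"keyid": f[4], "caps": {c for c in f[11] if c.islower()}}
        elif f[0] in ("ssb", "sub"):
            subkeys.append({"keyid": f[4], "caps": set(f[11])})
    return primary, subkeys


def is_role_key(primary):
    """Menu rule from the text: primary key has only the capability 'certify'."""
    return primary is not None and primary["caps"] == {"c"}


def export_plan(listing, export_signing_subkey):
    """Key IDs whose secret part leaves the machine, and a gpg argv for it."""
    primary, subkeys = parse_keys(listing)
    if not is_role_key(primary):
        raise ValueError("primary key can do more than certify; refuse export")
    wanted = {"e", "s"} if export_signing_subkey else {"e"}
    secret = [k["keyid"] for k in subkeys if k["caps"] & wanted]
    # 'KEYID!' makes gpg use exactly that subkey; --export-secret-subkeys
    # never writes the primary secret key, only a stub for it.
    argv = ["gpg", "--export-secret-subkeys"] + [k + "!" for k in secret]
    return secret, argv
```

With the answer "no", only the encryption subkey appears in the plan, so the signing subkey's secret part stays with the key owner and its public part has to come from a normal public export.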