
I'm asking myself which one is better:

  1. Use the same PGP key pair for use with both private email addresses and business email addresses
  2. Use two separate PGP key pairs, one for private and one for business email addresses

From a cryptographic standpoint there should be no difference (assuming that I keep my private key safe). But is there any kind of best practice? I'm a little bit concerned about questions like metadata privacy, traceability and so on...

Using the same key for both lets every business partner I send a signed email to know my private mail addresses.

arserbin3

1 Answer


I use separate keys for the following reasons:

1) So my work/email is not exposed unnecessarily (not just to legitimate recipients: suppose a recipient's computer is compromised; then you've made yourself a nice social engineering target for the bad actor, since they may now have your personal and work email, and possibly more, such as your title and phone numbers, if this was a work-sourced email with a signature)
2) So I can have different expirations
3) If I change jobs I don't have to update my home key

You would obviously also be able to have keys of differing types and sizes if that matters.

Hopefully that helps.

user1801810
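Added example, not part of the question or the answer above: a small Python parser that walks the packet stream of an OpenPGP public key (RFC 4880 framing) and lists the User ID packets. It makes reason 1 concrete: every UID (name and e-mail) is exported with the public key, so a key with both a private and a business address on it hands both addresses to anyone who receives it. The key material in `build_key` is a constructed placeholder, not a real key; `dearmor` skips the CRC24 line rather than verifying it, and nothing here checks signatures, so the code is only for inspecting which addresses a key carries.

```python
"""Enumerate the User IDs (tag 13 packets) carried by an OpenPGP public key."""
import base64
import re

TAG_PUBLIC_KEY = 6
TAG_USER_ID = 13


def dearmor(text: str) -> bytes:
    """Strip ASCII armor and return raw packet bytes.

    Layout: BEGIN line, optional 'Key: value' headers, blank line, base64 body,
    optional '=XXXX' CRC24 line, END line. The CRC is skipped, not verified.
    """
    lines = text.strip().splitlines()
    if not lines or not lines[0].startswith("-----BEGIN PGP"):
        raise ValueError("not an ASCII-armored OpenPGP block")
    body, past_headers = [], False
    for line in lines[1:]:
        if line.startswith("-----END"):
            break
        if not past_headers:                 # skip armor headers up to the blank line
            past_headers = line.strip() == ""
            continue
        if not line.startswith("="):         # '=' introduces the CRC24 line
            body.append(line.strip())
    return base64.b64decode("".join(body))


def iter_packets(data: bytes):
    """Yield (tag, body) for each packet; handles old- and new-format headers."""
    pos = 0
    while pos < len(data):
        ctb = data[pos]
        if not ctb & 0x80:
            raise ValueError(f"bad packet header byte 0x{ctb:02x} at offset {pos}")
        if ctb & 0x40:                       # new format (RFC 4880 section 4.2.2)
            tag = ctb & 0x3F
            first = data[pos + 1]
            if first < 192:
                length, hdr = first, 2
            elif first < 224:
                length, hdr = ((first - 192) << 8) + data[pos + 2] + 192, 3
            elif first == 255:
                length, hdr = int.from_bytes(data[pos + 2:pos + 6], "big"), 6
            else:
                raise ValueError("partial body lengths not supported")
        else:                                # old format (RFC 4880 section 4.2.1)
            tag = (ctb >> 2) & 0x0F
            ltype = ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not supported")
            n = 1 << ltype                   # 1, 2 or 4 length octets
            length, hdr = int.from_bytes(data[pos + 1:pos + 1 + n], "big"), 1 + n
        body = data[pos + hdr:pos + hdr + length]
        if len(body) != length:
            raise ValueError("truncated packet")
        yield tag, body
        pos += hdr + length


def user_ids(key: bytes) -> list:
    """All User ID strings in the key, in key order."""
    return [b.decode("utf-8") for t, b in iter_packets(key) if t == TAG_USER_ID]


def emails(key: bytes) -> list:
    """The e-mail part of each UID (text in angle brackets), or the whole UID if none."""
    out = []
    for uid in user_ids(key):
        m = re.search(r"<([^>]+)>", uid)
        out.append(m.group(1) if m else uid)
    return out


def build_key(uids) -> bytes:
    """Constructed test key: placeholder public-key packet plus one UID packet per entry.
    UID headers alternate old/new format so both header parsers are exercised."""
    pk_body = b"\x04" + b"\x00" * 4 + b"\x16" + b"\x00" * 8   # placeholder, not real key material
    out = bytes([0xC0 | TAG_PUBLIC_KEY, len(pk_body)]) + pk_body
    for i, uid in enumerate(uids):
        raw = uid.encode("utf-8")
        assert len(raw) < 192, "keep constructed UIDs short enough for 1-octet lengths"
        if i % 2 == 0:
            out += bytes([0x80 | (TAG_USER_ID << 2), len(raw)]) + raw   # old format, 1-octet length
        else:
            out += bytes([0xC0 | TAG_USER_ID, len(raw)]) + raw          # new format, 1-octet length
    return out


def armor(key: bytes) -> str:
    """Minimal armor for the constructed key (no CRC line; dearmor tolerates that)."""
    return ("-----BEGIN PGP PUBLIC KEY BLOCK-----\nComment: constructed example\n\n"
            + base64.b64encode(key).decode() + "\n-----END PGP PUBLIC KEY BLOCK-----\n")


if __name__ == "__main__":
    shared = build_key(["Alice <alice@example.org>", "Alice <alice@corp.example>"])
    separate = build_key(["Alice <alice@corp.example>"])
    print("shared key exposes:  ", emails(shared))    # both addresses travel with the key
    print("business-only key:   ", emails(separate))
```

On a real key the same check is `gpg --export --armor <keyid>` piped into `dearmor()` and then `emails()`; whatever that prints is what every recipient of the key (and whoever compromises them) gets.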