GPG keypairs

GPG keys are different from other private keys because each GPG key includes a master key and associated subkeys. While there are no technical differences between a master key and subkey, the responsibilities of these keys remain separate to enhance security.

We recommend that the master key only be used for creating subkeys and the subkeys be used for signing. In the event that a subkey is compromised, this will allow you to revoke and replace the affected subkey, while the master key and uncompromised subkeys remain secure. The identity of the key is associated with the master key; therefore, if the master key is compromised, the identity of the master key and all associated subkeys are compromised and must be revoked and replaced.