A Common OpenPGP Private-Key Management Scheme

Posted on 2026-03-14 Edited on 2026-03-15 In Computer Science Views:

This note records a common OpenPGP private-key management scheme.

For background, see my own note on GPG. For my honest suggestion, please read the last section.

A Common OpenPGP Private-Key Management Scheme

This note describes the scheme at the level of key-management design, not at the level of a specific software implementation. In practice, GPG is the implementation tool, and OpenPGP is the underlying standard.

The scope is limited to private key material. It does not discuss public keys, encrypted files, or revocation material.

Core Structure

The scheme separates an offline root private key from daily-use operational private keys.

The root private key is kept offline and used only for key-management work.
The operational private keys are the only private keys used in normal operation.

In GPG / OpenPGP terms, these correspond to the master private key and the private subkeys respectively.

                private-key hierarchy

                 [ Root Private Key ]
                  validity: 5 years
             role: root / key management only
                           |
          +----------------+----------------+
          |                                 |
  stored offline                    used only to create
(paper + hard drive)             or manage operational keys
          |
          v
              [ Operational Private Keys ]
                validity: 2 years each
            role: daily encryption / decryption
          +----------------+----------------+----------------+
          |                |                                 |
       MacBook           iCloud                  					YubiKey x2

Root Private Key

The root private key is never used as a daily working key. Its only purpose is key management.

Its validity period is five years. It is stored in exactly two places:

a paper record
a hard-drive copy

Its handling policy is strict:

it remains offline
it is never stored online
it is never kept on networked devices
it is never left on a regularly used computer

It may be generated on my computer initially, but after the operational private keys are created, it is deleted from the computer.

Operational Private Keys

The operational private keys are the only private keys used in normal operation. All daily encryption and decryption work is done with them.

Each operational private key has a validity period of two years. They are stored on:

my MacBook
iCloud
two portable hareware-security-key devices, such as Yubikeys. I've also dicussed this topic in my note Introduction to Hardware Security Keys.

When an operational key expires, it is retired from forward use, but not necessarily destroyed. If historical data was encrypted to that key, the corresponding old private key must still be retained for decryption.

So the scheme distinguishes between:

current operational private keys, used for present-day work
archived old decryption private keys, kept only for historical recovery

Operational Workflow

In normal practice, only the operational private keys are used. The root private key is not part of the daily workflow.

Encryption and decryption

Daily data is encrypted to the current operational encryption-capable key and decrypted with the corresponding operational private key. The root private key is not treated as a fallback decryption key for data encrypted to operational keys.

This means that the root private key alone is not sufficient to recover all historical encrypted data. If some data was encrypted to an older operational key, that old private key must still be preserved.

Key rotation

When an operational key expires, new data should be encrypted to the current operational key.

The old key is removed only after all data encrypted to it has been either:

re-encrypted to a current operational key
intentionally abandoned

Until then, old decryption-capable private keys must be archived offline.

A practical note

The following statement may be counterintuitive. Honestly speaking, I don't recommend this scheme to ordinary users.

I mean, unless you are a genuinely high-value target — for example, a government official or a billionaire — I do not think you serious key management, or even routine personal data encryption.

You usually don't need subkeys, key rotation, or a complicated archival workflow. Those things are time-consuming and rarely worth the effort.

In most cases, regular backups is enough.

If one really wants encryption, such as he wants to uploading backups to some low-reputation cloud storage services, a much simpler scheme is usually enough:

use a single master key
copy it to an external hard drive
lock that drive in a safe place

More importantly, key management is only one small part of privacy protection. In real life, privacy is often lost through much simpler failures: losing a phone, account compromise, bad backup practices, device theft, or third-party service failures.