Do I need a PGP key?

Question

I've recently got familiar with the concept of OpenPGP public-private keys, and how to use GnuPG tool to manage PGP keys. I have three questions:

1- Is it necessary for me to have a PGP (or an OpenPGP) key? I'm an Android programmer, and an ordinary Linux user.

2- If yes, then, do I need only one PGP key, or I will need several keys for different purposes?

3- Is this belief true: Every today's computer user needs having, and using PGP keys?

Answer 1

1. "Is it necessary" depends on your individual needs. PGP lets you:
   • send/receive encrypted text
   • prove that the message came from you / verify where it came from

Are those things necessary for you? If so, then PGP provides a "pretty good" solution.

2. One PGP key is fine. For different purposes, you can use:

   • Different UIDs for different email addresses
   • Different subkeys for different devices (if one device gets lost, you can revoke only one subkey instead of your entire identity) See this answer for more detail.

3. Again, this answer depends on the individual's needs. A computer that's used only for media consumption and online shopping will be fine without; the built-in security (SSL/TLS) will cover credit card numbers, etc.

Signing Android apps is an entirely different story.

This has been answered elsewhere , but in short, create a new key (not keystore) for every app that you may one day sell/transfer. Otherwise, you may have to give someone else a key that is able to sign other apps of yours.