Hi Teemu, thank you for the fast and good informations. I learned, that my key is not capable to encrypt, but to sign mails.
This was a long time good enough for me, as no one wanted encrypted mails from me. I also learned, that I made a mistake in 2007, when I created the keys, that I created the wrong form (DSA and ElGamal). At that time, I did not know better. So, today I created a new keypair (with RSA4096 and a loooooong Mantra), which I will use in the future, too. The old key will be used as a signing key for a while. The old key can only be changed either for enryption or for signing, but not both. So, the easiest solution was to create a new one. In the last hours I learned a lot and read a lot and I believe, I now better understand how it works. Here I can now only say: Thank you (and all the other guys) for your great help and your hints. Best regards Hans > Let's look at your key: > > > $ gpg --list-options show-unusable-subkeys,no-show-uid-validity \ > --list-keys Ullrich > > pub dsa1024 2007-12-05 [SC] > 984893FB397A9E4E4834898FE27C63AA5F093FF8 > uid Hans-J. Ullrich [...] > uid Ullrich-IT-Consult [...] > sub elg2048 2007-12-05 [E] [expired: 2008-12-04] > > > It tells us that your master key (dsa1024) has [SC] capabilities, which > means that it can create message signatures [S] and certificates [C]. > The key also has a subkey (elg2048) with encryption [E] capabilities but > the subkey has expired in 2008-12-04 so it is not used anymore. > > You can create a new encryption subkey if you want to add an encryption > capability: --edit-key + addkey. You can also modify the expiration date > of your existing subkey: --edit-key + key 1 + expire.
