On Sun, Jan 11, 2015 at 8:34 PM, Brian Dolbec <dol...@gentoo.org> wrote: > But for the rest, yes, you don't need gkeys to create your key, It is > just most people seem to know little about using gpg, so creating the > template where you just filled out name, email, password, makes it easy.
Makes sense. I can always create a new account, create a key, export/import, and delete the account. That will avoid messing with config files and such. > > From the above, it looks like you also need to create a signing subkey > with a preferred 1 yr. expiry. But it can be 5 years max. too. You > may also want to add an encryption subkey for encrypted email and such. >From docs I was reading it sounds like a signing and encryption subkey are created by default (two keys total). Is there any difference between a "main key" and a subkey? I have to admit that I haven't kept up with gpg features over the years. > > I added a little more info to the First-Use wiki page, I included a > link to a great webpage about setting up gpg keys. > > https://alexcabal.com/creating-the-perfect-gpg-keypair/ > > there are lots more, but I like that one, it is clear, concise,... >From that site: By default GPG creates one signing subkey (your identity) and one encryption subkey (how you receive messages intended for you)...Use GPG to add an additional signing subkey to your keypair. This new subkey is linked to the first signing key. Now we have three subkeys. But, whatever. If we want a total of three keys in the key then I don't really have a problem with that. I'm not sure what it buys you other than lots of confusion about how to sign the right thing with the right key. :) -- Rich
