David Shaw wrote:
So I think it would be better to have the following:
primary: C, RSA-S, 4096 bit
secondary: S, RSA-S, 4096 bit
secondary: E, ElGamal, 4096 bit
Ok...
1) Is it advisable at all?
Yes. Many people do it this way, including myself. It's not actually
an RSA-S key (that's deprecated), but a regular RSA key with the S
flag set. However, you don't actually want to change the primary from
CS to C.
Why not? *g* Of course I could just not use my primary key for signing
plain data,.. but I think it would be better to indicate that with the
flag, too.
What would be the disadvantages?
2) Can I change this with GPG (without having to create a new key, of
course)?
3) If not: Is this function going to be introduced in GPG the next time?
4) If not: How else could I do that?
You can add a signing subkey any time you like. This doesn't flip
your primary CS key into a C only key, but that doesn't matter much.
Of course...
If GnuPG sees you have a signing subkey, it will always choose it in
favor of the primary key when making a signature.
You don't want a C only primary key because if you go to a key signing
party, you may be asked to sign a challenge to prove you own your key.
This challenge must be signed with the primary key to be valid.
Ah,.. hm ok,.. is this the only reason for not using a C-only primary key?
And again,.. is it possible to change the flag on an existing key? And
how is it done? Via a selfsignature? If so, I could change the flag to
C, indicating to everybody that I'm using the primary key for
signing-other-keys-only and if someone should insist on
challenge-response I could use the --expert flag or store a local-only
version of the key (e.g. in a separate .gnupg dir) that contains the
key with CS.
5) Would it change my primary key in such a way, that it renders the
signatures that I've already received from other users invalid?
No. This does not affect third-party signatures.
Good,.. so I could change this as often as I'd like to, correct?
Best wishes,
Chris.
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
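
The key layout discussed in this thread, as an added example that is not part of the original messages and is not GnuPG code: it parses a constructed `--with-colons` style listing, reports which key would sign plain data when a signing subkey exists, and checks whether the primary key can still sign a key-signing-party challenge. The key IDs, timestamps, user ID and all function names are made up for illustration, and choosing the newest signing subkey is an assumption of this example.

```python
# Constructed `gpg --list-keys --with-colons` style records (key IDs are placeholders).
# Field 4 is the algorithm (1 = RSA, 16 = Elgamal), field 12 the capabilities;
# lowercase letters are that key's own flags: c=certify, s=sign, e=encrypt.
CS_PRIMARY = """\
pub:u:4096:1:AAAAAAAAAAAAAAAA:1100000000:::u:::scESC:
uid:u::::1100000000::::Example User <user@example.org>:
sub:u:4096:1:BBBBBBBBBBBBBBBB:1100000100::::::s:
sub:u:4096:16:CCCCCCCCCCCCCCCC:1100000200::::::e:
"""
# Same key, but with the primary restricted to certification only (C).
C_ONLY_PRIMARY = CS_PRIMARY.replace(":scESC:", ":cESC:")

ALGOS = {"1": "RSA", "16": "Elgamal"}

def parse_keys(listing):
    """Return one dict per pub/sub record with its own capability flags."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] not in ("pub", "sub") or len(f) < 12:
            continue
        keys.append({
            "primary": f[0] == "pub",
            "bits": int(f[2]),
            "algo": ALGOS.get(f[3], f[3]),
            "keyid": f[4],
            "created": int(f[5]),
            # Uppercase letters on a pub record summarise the whole key; drop them.
            "caps": {c for c in f[11] if c.islower()},
        })
    return keys

def data_signing_key(keys):
    """Model of the behaviour described in the thread: a signing subkey is preferred
    over the primary. Picking the newest subkey is this example's assumption."""
    subs = [k for k in keys if not k["primary"] and "s" in k["caps"]]
    if subs:
        return max(subs, key=lambda k: k["created"])
    return next((k for k in keys if k["primary"] and "s" in k["caps"]), None)

def primary_can_sign_challenge(keys):
    """A key-signing-party challenge needs the S flag on the primary key itself."""
    return any(k["primary"] and "s" in k["caps"] for k in keys)

if __name__ == "__main__":
    for name, listing in (("CS primary", CS_PRIMARY), ("C-only primary", C_ONLY_PRIMARY)):
        keys = parse_keys(listing)
        print(name, data_signing_key(keys)["keyid"], primary_can_sign_challenge(keys))
```
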