David Shaw wrote:
On Tue, Nov 08, 2005 at 03:29:39PM +0100, Christoph Anton Mitterer wrote:
Yes. Many people do it this way, including myself. It's not actually
an RSA-S key (that's deprecated), but a regular RSA key with the S
flag set. However, you don't actually want to change the primary from
CS to C.
Why not? *g* Of course I could just don't use my primary key for signing
plain data,.. but I think it would be better to indicate that with the
flag, too.
Why?
Uhm,.. don't know *g* but I think the implementors of RFC2440 did not
include that without a reason =)
And again,.. is it posible to change the flag on an existing key? And
how is it done? Via a selfsignature? If so, I could change the flag to
C, indicating everybody that I'm using the primary key for
signing-other-keys-only and if someone should insist on
challenge-response I could use the --expert flag or store a local-only
version of the key (e.g. in an seperate .gnupg dir) that contains the
key with CS.
Well, sure, given a particular effect you want to achieve, you can
always come up with a hideously complicated way to do it involving
multiple copies of the key and extra work. Most people like to do it
the easy way.
Ok,.. I give up ... :'-( ;-)
Thanks anyway :)
Best wishes,
Chris.
begin:vcard
fn:Mitterer, Christoph Anton
n:Mitterer;Christoph Anton
org:Munich University of Applied Sciences;Department of Mathematics and Computer Science
adr;quoted-printable;quoted-printable:;;Lothstra=C3=9Fe 34;M=C3=BCnchen;Freistaat Bayern;80335;Federal Republic of Germany
email;internet:[EMAIL PROTECTED]
tel;home:+49 89 24409568
tel;cell:+49 172 8617341
x-mozilla-html:TRUE
url:http://fhm.edu/
version:2.1
end:vcard
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
