David Shaw dshaw at jabberwocky.com wrote on Thu Apr 6 17:03:44 CEST 2006 :
>PGP generated keys are not any different than GPG generated keys in >this regard. Go ahead and use a ! if you like. yes, but currently only from the command line what i was asking for, is a 'option' equivalent to '!' to put into gpg.conf so that gnupg front ends will recognize and use only the primary key for signing, and not the subkey (which is still used for encryption) i.e. !-signing-key keyid otherwise, these are the user's choices: [1] use only command line when signing (ok, not so terrible, but inconvenient/difficult for some people) [2] use only pgp for signing (what!? and lose all gnupg's features ?!? ;-) [not really an option for this group ;-) ] [3] delete/revoke the subkey and use the master for both signing and encrypting [as a v3 user, i can live with this ;-) ], but it is not the preferred way to go in terms of security, as the signing and encrypting keys really should be separate [4] make a new key in gnupg (and try to get it out to everybody who trusts only your old ones), ok, but far less convenient than [1] and [3] while the key is still trustworthy is it that difficult to put the '!' feature in the options file ? it would be much appreciated Thanks! vedaal Concerned about your privacy? Instantly send FREE secure email, no account required http://www.hushmail.com/send?l=480 Get the best prices on SSL certificates from Hushmail https://www.hushssl.com?l=485 _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
