On Wed 11.09.2013, 23:42:30, Philip Jägenstedt wrote:
> My public key has the default capabilities sign and certify. I've seen
> that some people have only the certify capability in order to be able to
> keep the main key offline most of the time.

It's of limited use to make a former online mainkey an offline mainkey. You should create a completely new key (on a secure system).

> Is it technically possible to change the capabilities of an existing
> key, even if there's no way to do it via --edit-key?

May be possible (it surely would be with patching GnuPG) but is not necessary. It makes perfect sense to have signing (and even encryption) capability on an offline mainkey.

> If it's not possible, what would be the consequence of adding a subkey
> with the sign capability, which key would be used when both are
> available?

If there is a subkey then it is used always. I do not know though whether this is a direct effect (defined that way) or an indirect one: The creation date (and the selfsig date) of a subkey should always be after the creation date of the mainkey.

Hauke
--
Crypto for everyone: http://www.openpgp-schulungen.de/fuer/bekannte/
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
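Added example, not part of the message above and not GnuPG code: a small Python reader for `gpg --with-colons --list-keys` output that shows each key's own capabilities and models the selection described in the reply, where a usable signing subkey is used instead of the main key. The sample listing and key IDs are constructed, and picking the newest signing subkey when several exist is an assumption of this sketch.

```python
# Added illustration; the key IDs and dates in SAMPLE are constructed.
SAMPLE = """\
pub:u:4096:1:AAAAAAAAAAAAAAAA:1300000000:::u:::scESC:
uid:u::::1300000000::::Example User <user@example.org>:
sub:u:4096:1:BBBBBBBBBBBBBBBB:1300000000::::::e:
sub:r:2048:1:CCCCCCCCCCCCCCCC:1350000000::::::s:
sub:u:4096:1:DDDDDDDDDDDDDDDD:1378900000::::::s:
"""

# Validity flags (field 2) that make a key unusable:
# invalid, disabled, revoked, expired.
UNUSABLE = set("idre")


def parse_keys(listing):
    """Return one dict per pub/sub record of a --with-colons listing."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] not in ("pub", "sub") or len(f) < 12:
            continue
        keys.append({
            "type": f[0],
            "validity": f[1],
            "keyid": f[4],
            "created": int(f[5]),
            # Field 12: lowercase letters are this key's own capabilities
            # (s=sign, c=certify, e=encrypt, a=authenticate); the uppercase
            # letters on a pub record summarise the whole key and are ignored.
            "caps": {c for c in f[11] if c.islower()},
        })
    return keys


def signing_key(keys):
    """Model of the selection: a usable signing subkey wins over the main key.

    Assumption: among several signing subkeys the newest one is taken.
    """
    usable = [k for k in keys
              if "s" in k["caps"] and k["validity"] not in UNUSABLE]
    subs = [k for k in usable if k["type"] == "sub"]
    if subs:
        return max(subs, key=lambda k: k["created"])
    return usable[0] if usable else None


if __name__ == "__main__":
    for k in parse_keys(SAMPLE):
        print(k["type"], k["keyid"], "".join(sorted(k["caps"])), k["validity"])
    print("signs with:", signing_key(parse_keys(SAMPLE))["keyid"])
```

In the sample, the revoked signing subkey is skipped and the main key is only chosen once no usable signing subkey remains.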