Am Di 24.09.2013, 00:21:09 schrieb Chuck Peters: > I attended a small key signing party Saturday after generating a new key > with multiple subkeys with the notion of having a email signing keys on > less secure systems like my VPS (using mutt) and a separate subkey for > each computer or device.
Would you explain that in more detail? I am not sure whether that makes sense. > So I can keep my primary key off the > network and use it only for signing other peoples keys. You should consider not only storing the key offline but using it in a safe environment only. Besides managing your own and other keys it makes sense to use it for signing very important data (like your key policy). > Another sensible precaution is to have different passphrases for each of > these subkeys. However when working with the full key set when I > attempted to change the passphrase for a subkey, it also changed the > passphrase for the main key. I'm assuming at this point when I separate > the keys, I can change the passphrase as planned... Is this a bug? GnuPG can use keys with subkeys which have different passphrases but it cannot create such keys (at least not with "normal operation"). This is not a bug, just a missing feature. > OK, the FAQ is the first I heard about subkey cross-certification. Is > that info current and correct? What is recommended? Don't care about that, it's handled automatically. Hauke -- Crypto für alle: http://www.openpgp-schulungen.de/fuer/bekannte/ OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
