On Fri, 11.10.2013, 01:25:50, Robin Kipp wrote:

> Invoked addkey to generate a 2048 bit RSA sub key, with
> encryption and signing capabilities.

It seems to me that the more accepted recommendation here is to have separate subkeys for signing and encryption.

> 6. Exported all secret and public keys to a secure medium, also exported the secret sub keys.
> 7. Rebooted to my production system, imported the public keys and the secret subkeys.
>
> For public keys:
>
> MacBook-Pro:~ robin$ gpg --list-keys DC329876
> pub   2048R/DC329876 2013-10-10
> uid                  Robin Kipp <ro...@robin-kipp.net>
> uid                  Robin Kipp <mli...@robin-kipp.net>
> uid                  Robin Kipp <ro...@debspace.org>
> sub   2048R/77DFFF08 2013-10-10 [expires: 2013-11-09]

I know of no good reason for creating a mainkey without expiration date.

Furthermore, it would be nice to have a UID without email address but with a comment which explains the security of the key. Something like "Robin Kipp (normal security level subkeys with offline mainkey)". This should be explained in more detail in a key policy which you should make publicly available and put its URL into the self signatures (see --set-policy-url) for the UIDs (and maybe even the subkeys). You should also set your preferred key server in the selfsigs (--default-keyserver-url).

> since this may not be widely available on keyservers just yet
> Could someone on this list perhaps be so kind and see if I've
> made any mistakes?

One may call that the best sequence of steps but one... ;-)

Hauke

-- 
Crypto for everyone: http://www.openpgp-schulungen.de/fuer/bekannte/
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
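The layout Hauke recommends (certify-only mainkey, separate signing and encryption subkeys with expiry, a comment-only UID, policy URL and preferred keyserver in the self-signatures, only the secret subkeys on the production machine), as an added shell example that is not part of the mail or of GnuPG's own documentation. It assumes gpg 2.1 or later; the policy URL, keyserver, UID and mail address are constructed placeholders. Run it as `sh offline-key.sh demo`.

```shell
#!/bin/sh
# Added example, not from the original mail. Builds the offline-mainkey layout
# on an "offline" homedir, exports, and imports only public keys plus secret
# subkeys into a "production" homedir, then checks that the mainkey is a stub.
# Assumes gpg 2.1+; URLs, UID text and mail address are constructed placeholders.
set -eu

POLICY_URL="https://example.invalid/key-policy.txt"    # placeholder
KEYSERVER="hkps://keys.example.invalid"                # placeholder
MAIN_UID="Robin Kipp (normal security level subkeys with offline mainkey)"
MAIL_UID="Robin Kipp <robin@example.invalid>"          # placeholder address

# gpg wrapper: explicit homedir, non-interactive, empty passphrase for the demo;
# --set-policy-url / --default-keyserver-url land in every self-signature made.
g() { h=$1; shift; gpg --homedir "$h" --batch --quiet --pinentry-mode loopback \
      --passphrase '' --set-policy-url "$POLICY_URL" \
      --default-keyserver-url "$KEYSERVER" "$@"; }

# make_offline_key OFFLINE_HOME PROD_HOME EXPORT_DIR: generate on the offline
# side, export, then import public keys + secret subkeys on the production side.
make_offline_key() {
    off=$1; prod=$2; out=$3
    mkdir -p "$off" "$prod" "$out"; chmod 700 "$off" "$prod"
    g "$off" --quick-gen-key "$MAIN_UID" rsa2048 cert never     # mainkey: C only, no expiry
    fpr=$(g "$off" --with-colons --list-keys | awk -F: '/^fpr/{print $10; exit}')
    g "$off" --quick-add-uid "$fpr" "$MAIL_UID"
    g "$off" --quick-add-key "$fpr" rsa2048 sign 30d            # separate S and E subkeys
    g "$off" --quick-add-key "$fpr" rsa2048 encr 30d
    g "$off" --armor --export "$fpr"                > "$out/pub.asc"
    g "$off" --armor --export-secret-keys "$fpr"    > "$out/secret-full.asc"   # offline backup
    g "$off" --armor --export-secret-subkeys "$fpr" > "$out/secret-subkeys.asc"
    g "$prod" --import "$out/pub.asc" "$out/secret-subkeys.asc"
    gpgconf --homedir "$off" --kill gpg-agent 2>/dev/null || true
}

# mainkey_offline HOME: true when the mainkey is a stub ("sec#") and subkeys are present.
mainkey_offline() {
    g "$1" --list-secret-keys | grep -q '^sec#' &&
    g "$1" --list-secret-keys | grep -q '^ssb'
}

if [ "${1-}" = demo ]; then
    tmp=$(mktemp -d)
    make_offline_key "$tmp/offline" "$tmp/prod" "$tmp/export"
    g "$tmp/prod" --list-secret-keys
    mainkey_offline "$tmp/prod" && echo "mainkey is offline on the production side"
    gpgconf --homedir "$tmp/prod" --kill gpg-agent 2>/dev/null || true
fi
```

The `secret-full.asc` export stays on the offline medium; only `pub.asc` and `secret-subkeys.asc` travel to the production system.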
Gnupg-users mailing list, Gnupg-users@gnupg.org, http://lists.gnupg.org/mailman/listinfo/gnupg-users