On Fri, Aug 21, 2015 at 6:49 PM, Peter Lebbing <pe...@digitalbrains.com> wrote:
> On 21/08/15 11:31, Dongsheng Song wrote:
>> But I still didn't know why the master key has sign and certify
>> capabilities in the default?
>
> I suppose because it doesn't hurt. They're both signatures in essence;
> cryptographically they are the same and exchangeable. The difference only
> lies in the interpretation.
>
> Also note that anyone who has access to the primary key material can
> issue data signatures at will. They could either add the Sign capability
> to the key or (easier) create a new subkey with which to issue signatures.
>
> The actual reason why the default is as it is can probably best be
> answered by someone else, though, since I can only guess.
>

Maybe creating more subkeys needs more entropy, and gaining enough entropy
takes a very long time?

Now I want to create my new key like this:

sec   rsa4096/93D374EB 2015-08-22 [C]
uid        [ultimate] example <exam...@someone.xyz>
ssb   rsa2048/466D08E1 2015-08-22 [S]
ssb   rsa2048/AD92E667 2015-08-22 [E]
ssb   rsa2048/07DEFA25 2015-08-22 [A]
ssb   ed25519/AE83BE7C 2015-08-22 [S]
ssb   cv25519/0FACE148 2015-08-22 [E]
ssb   ed25519/610E5096 2015-08-22 [A]

If something bad happens to my subkeys, I can create new subkeys as well.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
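
Added example, not part of the original message or of GnuPG: a small Python check that reads the capability field (field 12) of `gpg --list-keys --with-colons` records and reports keys that deviate from the layout proposed above, a certify-only primary key with one capability per subkey. Both listings and all key IDs in it are constructed for illustration.

```python
# Field 12 of a `gpg --with-colons` key record holds capability letters.
CAPS = {"c": "certify", "s": "sign", "e": "encrypt", "a": "authenticate"}

# Constructed listing (not real keys): certify-only primary key with one
# subkey per capability, the layout proposed in the message above.
SPLIT_LAYOUT = """\
sec:u:4096:1:AAAAAAAAAAAAAA01:1440201600:::u:::cSEA:
ssb:u:2048:1:AAAAAAAAAAAAAA02:1440201600::::::s:
ssb:u:2048:1:AAAAAAAAAAAAAA03:1440201600::::::e:
ssb:u:2048:1:AAAAAAAAAAAAAA04:1440201600::::::a:
"""

# Constructed listing: primary key that both signs and certifies, the
# default the thread asks about.
DEFAULT_LAYOUT = """\
pub:u:2048:1:BBBBBBBBBBBBBB01:1440201600:::u:::scESC:
sub:u:2048:1:BBBBBBBBBBBBBB02:1440201600::::::e:
"""


def parse_keys(listing):
    """Return (record_type, key_id, own_capabilities) for each key record."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sec", "sub", "ssb") and len(f) > 11:
            # Lowercase letters are this key's own capabilities; uppercase
            # letters on a primary key summarise the whole key and are skipped.
            own = {CAPS[ch] for ch in f[11] if ch in CAPS}
            keys.append((f[0], f[4], own))
    return keys


def audit(listing):
    """List keys that deviate from certify-only primary, one use per subkey."""
    findings = []
    for rec, key_id, own in parse_keys(listing):
        caps = ", ".join(sorted(own)) or "none"
        if rec in ("pub", "sec") and own != {"certify"}:
            findings.append(f"{key_id}: primary key has [{caps}], expected certify only")
        elif rec in ("sub", "ssb") and len(own) != 1:
            findings.append(f"{key_id}: subkey has [{caps}], expected exactly one")
    return findings


if __name__ == "__main__":
    for name, listing in (("split", SPLIT_LAYOUT), ("default", DEFAULT_LAYOUT)):
        print(name, audit(listing) or "OK")
```

As the quoted reply points out, a clean result only describes the flags as published; whoever holds the primary key material can still add a capability or create a new subkey.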