>> It works well except that for https://encrypt.to, it uses my first
>> encryption key and I can't decrypt it with my Smartcard.
>
> I'd report an issue to encrypt.to maintainer.
> encrypt.to also doesn't handle correctly the case when more than one key
> matches specified short key id, e.g. https://encrypt.to/0x70096AD1,
> the shown fingerprint doesn't change when you change selection.
I've previously reported my problem too but I don't have any reply yet!!

>> So I'm thinking what is the best to do next:
>> - Delete my useless first subkey encryption from my keyring and send
>> update to key server.
>
> Once you've published a subkey it stays published. Deleting a previously
> published subkey only removes it from your local machine. It won't stop
> others from finding it on the keyservers and trying to use it.
>
> If you want to explicitly mark a subkey as "do not use" (but you do not
> believe that it has been compromised), then give it an expiration date
> of yesterday and republish. There's no particular reason to delete your
> local copy of the subkey (and there may be very good reasons not to,
> e.g. old encrypted data).
>
> NB expiration can be undone, but revocation cannot.
>
> (Remembering our previous conversation, you may instead want to expire
> your smartcard encryption subkey, and copy the other encryption subkey
> to the smartcard - but only if you have made a decrypted copy of all
> your sensitive data first.)

I've already revoked my encryption key on my smartcard, thanks to you, and
it works like a charm (like I said in my previous mail :) ).
And I didn't know that if you delete a subkey you won't delete it on the
key server.

Thx again Andrew. You are an incredible source of GPG knowledge.

>> - Recreate a new master key with only cert role and create all my subkey
>> (S E A) and copy it to my Smart Card.
>
> This will just create additional confusion for you, because there will
> now be two certificates associated with your name. It's not the end of
> the world, but i don't think it would solve your problem as cleanly as
> the above approach.

You were right!! Bad idea ^_^

Thanks all again!!

Maybe I will revoke my first encryption key. It's on my offline Master key
so I will not use it day-to-day.
And recreating my master key is not a good idea.

Last question: will the clean option only clean locally, or on the key
server too?
Antoine Michard
GPG Key: 0xF5C9E7CD0882B381

On 25/01/2016 14:59, Daniel Kahn Gillmor wrote:
> On Mon 2016-01-25 05:08:31 -0500, Antoine Michard wrote:
>> So I'm thinking what is the best to do next:
>> - Delete my useless first subkey encryption from my keyring and send
>> update to key server.
>
> If you don't want people to encrypt messages to your D693C37C subkey,
> you should revoke that subkey (and only that subkey), and publish your
> updated certificate to the keyservers.
>
> Just deleting the subkey from your certificate locally won't delete the
> associated copy on the keyserver, or provide anyone else with any
> indication that you don't intend to continue using it.
>
>> - Recreate a new master key with only cert role and create all my subkey
>> (S E A) and copy it to my Smart Card.
>
> This will just create additional confusion for you, because there will
> now be two certificates associated with your name. It's not the end of
> the world, but i don't think it would solve your problem as cleanly as
> the above approach.
>
> hth,
>
> --dkg
>
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
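The advice in this thread (revoke or expire the unwanted subkey and republish, rather than delete it) works because a sender can read each subkey's status from the published certificate. The following is an added example, not part of the thread and not encrypt.to's code: it parses a constructed listing in the `gpg --with-colons` record layout and contrasts a "first encryption subkey" pick with one that skips revoked and expired subkeys. The key IDs, timestamps, function names and the "prefer the newest" policy are assumptions made for illustration.

```python
from typing import NamedTuple, Optional

# Constructed listing in the `gpg --with-colons --list-keys` record layout
# (field 2 = validity, 5 = key ID, 6 = created, 7 = expires, 12 = capabilities).
# Key IDs and timestamps are made up; the first "sub" record is already revoked.
SAMPLE = """\
pub:u:4096:1:AAAAAAAAAAAAAAA0:1400000000:::u:::cC:
sub:r:2048:1:AAAAAAAAAAAAAAA1:1400000000::::::e:
sub:u:2048:1:AAAAAAAAAAAAAAA2:1450000000::::::e:
sub:u:2048:1:AAAAAAAAAAAAAAA3:1452000000:1460000000:::::e:
sub:u:2048:1:AAAAAAAAAAAAAAA4:1450000000::::::s:
"""

class Subkey(NamedTuple):
    keyid: str
    validity: str            # 'r' revoked, 'e' expired, 'i' invalid, 'd' disabled
    created: int             # seconds since the epoch
    expires: Optional[int]   # None when the subkey has no expiration date
    caps: str                # 'e' encrypt, 's' sign, 'a' authenticate

def parse_subkeys(listing: str) -> list:
    """Return every 'sub' record of a colon-delimited key listing."""
    subkeys = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] != "sub" or len(f) < 12:
            continue
        expires = int(f[6]) if f[6] else None
        subkeys.append(Subkey(f[4], f[1], int(f[5]), expires, f[11]))
    return subkeys

def first_encryption_subkey(listing: str) -> Optional[str]:
    """Naive pick: first subkey with the 'e' capability, status ignored."""
    return next((k.keyid for k in parse_subkeys(listing) if "e" in k.caps), None)

def pick_encryption_subkey(listing: str, now: int) -> Optional[str]:
    """Newest encryption subkey that is neither revoked nor expired."""
    usable = [k for k in parse_subkeys(listing)
              if "e" in k.caps
              and k.validity not in ("r", "e", "i", "d")
              # Check the date too, in case the validity field is stale.
              and (k.expires is None or k.expires > now)]
    return max(usable, key=lambda k: k.created).keyid if usable else None

if __name__ == "__main__":
    print("naive pick:       ", first_encryption_subkey(SAMPLE))
    print("pick before expiry:", pick_encryption_subkey(SAMPLE, 1455000000))
    print("pick after expiry: ", pick_encryption_subkey(SAMPLE, 1470000000))
```

A subkey that was only deleted locally would still appear in the published listing with a usable status, so neither function could tell it apart from a wanted one.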