On Tue, Mar 22, 2016 at 11:56 PM, Andrew Gallagher <andr...@andrewg.com> wrote:
> On 22 Mar 2016, at 22:10, Dashamir Hoxha <dashoho...@gmail.com> wrote:
>
> On Tue, Mar 22, 2016 at 10:21 PM, Peter Lebbing <pe...@digitalbrains.com>
> wrote:
>>
>> And why is your primary key capable of encryption? One of the reasons for
>> subkeys is so you don't have to use the same key material for both encryption
>> and signing, since this opens up some subtle points of attack that are easily
>> avoided.
>>
>
> What is wrong with that? As long as there is a subkey for encryption, gpg
> will use the subkey for encryption, even if the primary key is capable of
> encryption.
>
>
> Please please for the love of all that is sweet and beautiful in the world
> don't make an encryption-usage primary key. If you ignore everything else
> Peter has said, please don't ignore this. There are no benefits whatsoever
> to making an E-usage primary key, and plenty of reasons not to. And unlike
> expiry dates which can be fixed later, once you have E enabled on a primary
> key you can't remove it without hacking the innards of the data structure.
>
> IMHO the only thing to do with E-usage primary keys is revoke them and
> start again from scratch. The only reason they are even still allowed in
> GPG is for backwards compatibility, right...?
>

I fixed it:
https://github.com/dashohoxha/egpg/commit/d21ccdb42de6f48f316a19aadec93bfd9b7d55ca

Is it OK to have a signing primary key? Is it useful?
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
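An added example, not part of the thread or of egpg: one way to audit a keyring for the encryption-usage primary keys discussed above, by reading each primary key's own capability flags from GnuPG's colon-delimited listing. The function names and the sample listing (key IDs, timestamps, user IDs) are constructed for illustration.

```shell
#!/bin/sh
# Flag primary keys whose own capabilities include encryption (E).
# Input: output of `gpg --list-keys --with-colons` on stdin.
# In a "pub" record, field 5 is the key ID and field 12 the capabilities.
# Lowercase letters are the primary key's own flags; uppercase letters
# summarise the whole key (primary plus subkeys), and "D" marks a
# disabled key, so only the lowercase letters matter here.
audit_primary_usage() {
    LC_ALL=C awk -F: '
        $1 == "pub" {
            own = $12
            gsub(/[^a-z]/, "", own)   # drop the whole-key summary letters
            verdict = (own ~ /e/) ? "E-ON-PRIMARY" : "ok"
            printf "%s %s %s\n", $5, own, verdict
        }
    '
}

# Constructed sample listing: the first key has E on the primary key,
# the second keeps encryption on a subkey only.
sample_listing() {
    cat <<'EOF'
tru::1:1458687360:0:3:1:5
pub:u:2048:1:AAAAAAAAAAAAAAA1:1458600000:1490136000::u:::escESC::::::
uid:u::::1458600000::::Test One <one@example.org>:
sub:u:2048:1:AAAAAAAAAAAAAAA2:1458600000:1490136000:::::e::::::
pub:u:2048:1:BBBBBBBBBBBBBBB1:1458600000:1490136000::u:::scESC::::::
uid:u::::1458600000::::Test Two <two@example.org>:
sub:u:2048:1:BBBBBBBBBBBBBBB2:1458600000:1490136000:::::s::::::
sub:u:2048:1:BBBBBBBBBBBBBBB3:1458600000:1490136000:::::e::::::
EOF
}

# Demo on the constructed listing; on a real keyring run:
#   gpg --list-keys --with-colons | audit_primary_usage
sample_listing | audit_primary_usage
```

Both sample keys show `E` in the uppercase summary, which is why the check looks only at the lowercase flags: the summary cannot tell an encryption subkey apart from encryption on the primary key.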