On Mon 2016-08-08 15:18:40 -0400, Dominik George wrote:
> I was thinking about moving from rsa4096 to ed25519.
>
> I really do not want to lose all the signatures on my key.
>
> What I could do is add the ed25519 signature and encryption keys to my
> existing rsa key as subkeys, but I guess this will not improve security
> because my RSA signature key could still be used.
>
> From my understanding it is not possible to expire the primary key and keep
> subkeys.
that is correct.
> Did I get something wrong? If not, what is the smoothest thing to do to
> migrate?
Now is not a good time to migrate, especially if you want to keep all of
your certifications intact. Many people do not have access to a version
of GnuPG that is capable of supporting elliptic curve crypto, even on
the public side (encrypting data, verifying signatures).
You'd be better off waiting to migrate unless you have a very specific
use case with a group of peers who you know will be able to use those
keys with you.
--dkg
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
