Hi,

On 06/11/2018 09:30 AM, Max-Julian Pogner wrote:
> *) should i revoke the uid on the old key? => However, as far as i
> know, the secret key is not / was never compromised.

This is probably the best option in my opinion, since you will no longer use that key with this email address. Revoking a UID is not the same as revoking a key, and does not imply that the associated secret key has been compromised (if a key has been compromised you should revoke the key itself, not the UID). Most often it simply means "I no longer use that UID". Note that when revoking the UID you will have the option of specifying a reason for the revocation.

> *) Also, other persons have signed the UID
> max-julian.pog...@openresearch.com at key 0x2D40BDB44401A8AA without
> expiration date. What should they do?

With regard to your old key, they don't have anything to do. Your revocation of the UID takes precedence over their signatures.

With regard to your new key, you might want to ask them if they could sign it. One way to do that is to send them an email signed by both the old key and the new key, so that they know you control both keys.

> Thanks for any hints!

Here's another possibility: Have you considered using an OpenPGP card? This would allow you to keep your private keys under your control, even when you use them on your employer-provided system.

Hope that helps,

Damien
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
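The difference between revoking a UID and revoking a key, as an added example that is not part of the original message: the script below builds a throwaway key in a temporary `GNUPGHOME`, revokes one of its two UIDs with `--quick-revoke-uid`, and reports the validity field from the colon listing. The names and addresses are constructed, and it assumes a GnuPG 2.2 or later `gpg` on the PATH.

```shell
#!/bin/sh
# Added illustration: revoke one UID on a throwaway key and check that the
# key itself is not revoked. Names and addresses are constructed.
OLD_UID='Demo User <demo@old-employer.example>'   # constructed
NEW_UID='Demo User <demo@personal.example>'       # constructed

demo_revoke_uid() (
    # Isolated keyring in a temp dir so the real keyring is never touched.
    GNUPGHOME=$(mktemp -d) || exit 1
    export GNUPGHOME
    chmod 700 "$GNUPGHOME"
    cleanup() { gpgconf --kill gpg-agent 2>/dev/null; rm -rf "$GNUPGHOME"; }

    # Non-interactive gpg with an empty passphrase (test key only).
    g() { gpg --batch --quiet --pinentry-mode loopback --passphrase '' "$@"; }

    # Key carrying the UID that will later be given up.
    g --quick-generate-key "$OLD_UID" default default never 2>/dev/null \
        || { cleanup; exit 1; }
    fpr=$(g --with-colons --list-keys 2>/dev/null |
          awk -F: '$1=="fpr"{print $10; exit}')

    # Add a second UID that stays in use, then revoke only the old one.
    g --quick-add-uid "$fpr" "$NEW_UID" 2>/dev/null || { cleanup; exit 1; }
    g --quick-revoke-uid "$fpr" "$OLD_UID" 2>/dev/null || { cleanup; exit 1; }

    # Field 2 of the colon listing is validity ("r" = revoked).
    listing=$(g --with-colons --list-keys "$fpr" 2>/dev/null)
    cleanup

    # Emit "pub:<validity>" and "uid:<validity>:<user id>" lines.
    printf '%s\n' "$listing" |
        awk -F: '$1=="pub"{print "pub:" $2}
                 $1=="uid"{print "uid:" $2 ":" $10}'
)
```

Calling `demo_revoke_uid` prints one `pub:` line and one `uid:` line per user ID, and only the old UID carries `r`. The interactive route is `gpg --edit-key`, selecting the UID and running `revuid`, which is where the prompt for a revocation reason appears.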