Hello Folks! How do I restructure my keys from current/old setup to new setup?
Current/Old Setup: PrimaryKey - CS SubKey - E New Setup: PrimaryKey - C SubKey1 - E Subkey2 - S I think of two options. Option 1: Create new SubKey with E-only and change usage of PrimaryKey to C-only.The major caveat is I'll have to update the fingerprint of signing key at multiple places.
Option 2:Create new PrimaryKey with C-only and add the OldPrimaryKey+OldSubKey as SubKeys. I came across this option in this post, https://security.stackexchange.com/questions/32935/migrating-gpg-master-keys-as-subkeys-to-new-master-key This way, I don't have to update my signing key fingerprint at multiple places and continue using same signing key for consistency.
Is Option 2 safe to do so?I tried something else (Option 3?) that is close to Option 2. I created new PrimaryKey with C-only. Then by editing new PrimaryKey, I did 'addkey' with the option 'Existing key' and used the keygrip of old PrimaryKey. The new PrimaryKey now has the old PrimaryKey as its SubKey. While the migrated key has same keygrip at both places, the fingerprint differs, which is a bummer (caveat of Option 1).
Thoughts? Regards, Raghav "RG" Gururajan.
OpenPGP_signature
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
