On 22/08/15 17:25, Dongsheng Song wrote:
> Now I want to create my new key like this:
>
> sec rsa4096/93D374EB 2015-08-22 [C]
> uid [ultimate] example
> ssb rsa2048/466D08E1 2015-08-22 [S]
> ssb rsa2048/AD92E667 2015-08-22 [E]
> ssb rsa2048/07DEFA25 2015-08-22 [A]
> ssb ed25519/
On Fri, Aug 21, 2015 at 6:49 PM, Peter Lebbing wrote:
> On 21/08/15 11:31, Dongsheng Song wrote:
>> But I still didn't know why the master key has sign and certify
>> capabilities in the default ?
>
> I suppose because it doesn't hurt. They're both signatures in essence;
> cryptographically they a
Dongsheng Song writes:
> Hi all,
>
> When I create new master/sub key, in the following 2 choices, I'm
> wondering which is better?
>
> 1) master key has SCEA capabilities
>
> sec rsa4096/A19676A1
> created: 2015-08-20 expires: never usage: SCEA
> trust: ultimate validity:
On 21/08/15 11:31, Dongsheng Song wrote:
> But I still didn't know why the master key has sign and certify
> capabilities in the default ?
I suppose because it doesn't hurt. They're both signatures in essence;
cryptographically they are the same and exchangeable. The difference only
lies in the int
Thanks, now I see why I should use an exclusive subkey for
authenticate capability.
But I still didn't know why the master key has sign and certify
capabilities in the default ? I think the sign capability should move
to an exclusive subkey.
On 20/08/15 17:01, Peter Lebbing wrote:
> Most importantly, it's generally advised not to do encryption and
> signing with the same key material.
This is just a general recommendation, and abusing the fact a key is
used for both encryption and signatures is an intricate matter. But
since OpenPGP
> When I create new master/sub key, in the following 2 choices, I'm
> wondering which is better?
I'd recommend the defaults as best practice. They're there for a reason.
Why are you restricting yourself to "the following 2 choices"? They both
seem ill-advised (and unusual as well). Most importantly
Hi all,
When I create new master/sub key, in the following 2 choices, I'm
wondering which is better?
1) master key has SCEA capabilities
sec rsa4096/A19676A1
created: 2015-08-20 expires: never usage: SCEA
trust: ultimate validity: ultimate
ssb rsa4096/27ADD750
create
> > --with-colons
>
> It does not show that. It dumps the packets. The key capabilities
> need to be computed.
As a curiosity, what does computation of key capabilities involve? Is
keyring required for it?
Best regards
P.S.
@Werner: Sorry for sending the mail directly to
On Fri, 12 Apr 2013 03:00, mailinglis...@hauke-laging.de said:
> That is an inconsistent explanation. If --list-packets "can" show data from
> signatures without checking the signatures then obviously --with-colons
It does not show that. It dumps the packets. The key capabil
Branko Majic asked:
> I'm trying to find a way to list the key capabilities of a key before
> importing it. I can obtain some basic information by using the command
> (I've seen this one in the mailing list archives):
In ad
Am Do 11.04.2013, 23:43:39 schrieb Werner Koch:
> On Thu, 11 Apr 2013 22:48, bra...@majic.rs said:
> > Btw, is there any particular reason why the gpg2 --with-colons key.pub
> > command does not list key capabilities?
>
> It can't do that because it does not do any si
On Thu, 11 Apr 2013 22:48, bra...@majic.rs said:
> Btw, is there any particular reason why the gpg2 --with-colons key.pub
> command does not list key capabilities?
It can't do that because it does not do any signature verification. For
that we would need to look at the entire key a
he repository
where the public keys for encryption are stored.
The script includes commands for adding/removing a key from that local
directory keyring, so I was hoping to check the keys being imported to
it for key capabilities.
I'm thinking of trying out the gpgme library, Python bind
On Thu, 11 Apr 2013 00:28, mailinglis...@hauke-laging.de said:
> 2) You import the key but direct it to a different keyring, see
> --keyring
> --secret-keyring
> --primary-keyring
> --no-default-keyring
You better use a temporary directory. This is far easier than to play
with all the options an
Am Mi 10.04.2013, 22:57:53 schrieb Branko Majic:
> Hello all,
>
> I'm trying to find a way to list the key capabilities of a key before
> importing it. I can obtain some basic information by using the command
> (I've seen this one in the mailing list archives):
>
Hello all,
I'm trying to find a way to list the key capabilities of a key before
importing it. I can obtain some basic information by using the command
(I've seen this one in the mailing list archives):
gpg2 --with-colons test.key
The only catch being that the above command will no
Christoph Anton Mitterer wrote:
> Cryptographically it is about the same as normal signing, it simply
> denotes that a key may be used to sign other keys.
Jep, I just stumbled on GPG not displaying it (because
I was just creating a key that will mainly be used to
sign other keys). Thanks, Christop
Olaf Gellert wrote:
> When I generate an RSA key, GPG provides the capabilities
> sign, encrypt and authenticate (in expert mode), but
> not certification.
Certification is always used automatically for the primary (signing) key.
If you edit your key (gpg --edit-key ) you'll see a "Usage: CS" for
On Thu, Nov 17, 2005 at 02:34:06PM +0100, Olaf Gellert wrote:
> Hi,
>
> I have read about the following key capabilities:
>
> - sign
> - encrypt
> - authenticate
> - certification
>
> When I generate an RSA key, GPG provides the capabilities
> sign, encrypt and authenticate (in expert mode), but
Hi,
I have read about the following key capabilities:
- sign
- encrypt
- authenticate
- certification
When I generate an RSA key, GPG provides the capabilities
sign, encrypt and authenticate (in expert mode), but
not certification.
Is certification something that is actually implemented
or planne
On Sun, 10 Apr 2005 08:51:23 -0400, J Wren Hunt said:
> Is there any public documentation on how to implement this? The only way
> I've seen thus far to implement this is to use patched versions of the
> SSH daemon which I'm rather loathe to do if there's an
> easier/more-supported way. Thx!
The
David Shaw wrote:
| Authentication is signing a challenge (like ssh does). The
| Authentication stuff can be used to log in to a machine using your GPG
| key.
|
Is there any public documentation on how to implement this? The only way
I've seen thus
On Fri, Apr 01, 2005 at 06:33:13PM +0200, [EMAIL PROTECTED] wrote:
> What is the meaning of usage/capabilities listings for
> keys (shown, for example, during edit-keys interactive sessions)?
> S -> sign
> E -> encrypt
> C -> ?
> A -> ?
> looking at doc/DETAILS I found
> C -> certification
> A ->
What is the meaning of usage/capabilities listings for
keys (shown, for example, during edit-keys interactive sessions)?
S -> sign
E -> encrypt
C -> ?
A -> ?
looking at doc/DETAILS I found
C -> certification
A -> authentication
But I don't understand the difference between
certification,
authenti