key management

J. Michael Ashley
Tue, 28 Sep 1999 20:08:01 -0500 (EST)

Andreas Jellinghaus wrote:

> but old versions of my key are floating around, and most of them still have
> the old email addresses included.
> now I want to migrate to gnupg. my preferences are :
> - there must be a way to get rid of old email addresses. really.
> - this could be done with one key per email address. but I don't want
> to have everyone subscribe several keys. one signature on one key
> should be enough. maybe some master/slave key or so ?

Have a look at the GnuPG user manual for a discussion about this. To summarize, you cannot get rid of old email addresses unless you have the cooperation of everybody who has a copy of your public key. The best you can do is revoke your self-signature on the user IDs you want to discard. This does not invalidate the key but should discourage correspondents from using the user ID to identify you. The user manual elaborates on why these are the rules of the game, but I certainly sympathize with your wish to have a "clean" key. It just doesn't work that way, I'm afraid.

> any example how people manage their keys would be nice. for example the
> use of separate keys for signing and encryption, or master/slave, or
> yearly expired key and master key, or whatever you have ...

I am trying to collect scenarios of how people manage their keys and use GnuPG depending on their security needs. I want to use such concrete examples in a subsequent revision of the manual. If anybody out there wants to contribute, please submit. Blatant plug to all on the list: if you have not checked the documentation project page since you downloaded GnuPG 1.0, there have been additions to the manual in which you may be interested.

Mike
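A check a correspondent can script for the situation Mike describes, added here as an example that is not from the thread or from GnuPG's own code: it parses the machine-readable listing produced by `gpg --with-colons --list-keys` and reports which user IDs on a key carry a revoked self-signature, so only the still-valid addresses get used. The listing below is constructed; the key IDs, hashes and addresses are placeholders.

```python
# Added example: classify the user IDs on a key from GnuPG's machine-readable
# listing (gpg --with-colons --list-keys). A user ID whose self-signature the
# owner revoked shows validity "r" in field 2; the key itself stays valid.
# The listing is CONSTRUCTED for this example; IDs and addresses are placeholders.
from typing import Dict, List, Tuple

SAMPLE_LISTING = """\
tru::1:1500000000:0:3:1:5
pub:u:1024:17:0123456789ABCDEF:1500000000:::u:::scaSCA::::::
uid:r::::1500000000::0000000000000000000000000000000000000000::Key Owner <owner@old-address.example>::::::::::0:
uid:u::::1510000000::1111111111111111111111111111111111111111::Key Owner <owner@new-address.example>::::::::::0:
sub:u:1024:16:FEDCBA9876543210:1500000000::::::e::::::
"""


def parse_uids(listing: str) -> Dict[str, List[Tuple[str, bool]]]:
    """Return {primary key ID: [(user ID, revoked?), ...]} from --with-colons output.

    Record layout (GnuPG's DETAILS file): field 1 is the record type, field 2
    the validity ("r" = revoked), field 5 the key ID on pub records and
    field 10 the user ID on uid records (colons inside it are escaped as \\x3a).
    """
    keys: Dict[str, List[Tuple[str, bool]]] = {}
    current = None
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] == "pub":
            current = fields[4]
            keys[current] = []
        elif fields[0] == "uid" and current is not None:
            # uid records carry no key ID; they belong to the preceding pub record
            user_id = fields[9].replace("\\x3a", ":")
            keys[current].append((user_id, fields[1] == "r"))
    return keys


def usable_uids(listing: str, keyid: str) -> List[str]:
    """User IDs the owner has not revoked: the ones a correspondent should use."""
    return [uid for uid, revoked in parse_uids(listing).get(keyid, []) if not revoked]


if __name__ == "__main__":
    for keyid, uids in parse_uids(SAMPLE_LISTING).items():
        print(keyid)
        for uid, revoked in uids:
            print("  %s %s" % ("[revoked]" if revoked else "[ok]     ", uid))
```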