key management
J. Michael Ashley
jashley@acm.org
Tue, 28 Sep 1999 20:08:01 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Andreas Jellinghaus wrote:
> but old versions of my key are floating around, and most of them still have
> the old email addresses included.
>
> no i want to migrate to gnupg. my preferences are :
> - there must be a way to get rid of old email addresses. realy.
> - this could be done with one key per email address. but i donīt want
> to have everyone subscribe several keys. one signature on one key
> sh ould be enough. maybe some master/slave key or so ?
Have a look at the GnuPG user manual for a discussion about this.
To summarize, you cannot get rid of old email addresses unless you
have the cooperation of everybody who has a copy of your public key.
The best you can do is revoke your self-signature on the user IDs you
want to discard. This does not invalidate the key but should discourage
correspondents from using the user ID to identify you.
The user manual elaborates on why this is the rules of the game, but
I certainly sympathize with your wish to have a "clean" key. It just
doesn't work that way I'm afraid.
> any example how people manage their keys would be nice. for example the
> use of separete keys for signing and encryption, or master/slave, or
> yearly expired key and master key, or whatevery you have ...
I am trying to collect scenarios of how people manage their keys and use
GnuPG depending on their security needs. I want to use such concrete
examples in subsequent revision of the manual. If anybody out there
wants to contribute, please submit.
Blatant plug to all on the list: if you have not checked the documentation
project page since you downloaded GnuPG 1.0, there have been additions
to the manual in which you may be interested.
Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.0 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAjfxZnQACgkQBwMqlokEyOIoOQCg2JHCBZ7JTUw15h1VsMNCkIfo
/YgAoN8uBZ1tIDRmPhA7EtHiJxYvfus0
=h+Qc
-----END PGP SIGNATURE-----