multiple signing keys

JanuszA.Urbanowicz JanuszA.Urbanowicz
Thu Aug 23 17:16:02 2001

Marco Colombo wrote/napisa=B3[a]/schrieb:

> So, I think I need to:
> - modify the expire date of the master key (with --edit-key);
> - create a subkey (DSA, I suppose);
> - start signing RPMs with the new key.
> I've made some tests, and now I've got a few questions:
> a) I believe I need to re-export the public key, since the expire date
> of the master key is changed. But I need to do this only once (now
> the expire is set to never). Is it true?
Yes. And you will need reexport after creation of every signing subkey.
> c) do I need to generate a new encryption subkey? (I guess not)
No, you don't.
> d) is it correct that I can just wait for the old keys to expire, and
> then just delete them from my keyring, with no need to revoke them?
No. If you want to delete old key, revoke it before.
> If I understand well, revoking a subkey will just add something to
> my pubkey saying 'this <keyid> is revoked', but if the key has expired
> it's completely useless. I can remove it from the target public keyrin=
> but that's just cleaning up. Is there a way with gpg to remove expired
> keys from the keyring (or does it do that automagically)?
It is not useless since expired. Nothing prevents you from un-expiring it. Alex --=20 C _-=3D-_ H| Janusz A. Urbanowicz | ALEX3-RIPE | SF-F Framling | | = * =09 ; (_O : +-------------------------------------------------------------+ --= +~|=09 ! &~) ? | P=B3yn=B1=E6 chc=EA na Wsch=F3d, za Suez, gdzie jest dobrem ka= =BFde z=B3o | l_|/=09 A ~-=3D-~ O| Gdzie przykaza=F1 brak dziesi=EAciu, a pi=E6 mo=BFna a=BF po d= no; | | =20