multiple signing keys
JanuszA.Urbanowicz
JanuszA.Urbanowicz
Thu Aug 23 17:16:02 2001
Marco Colombo wrote/napisa=B3[a]/schrieb:
>=20
> So, I think I need to:
> - modify the expire date of the master key (with --edit-key);
> - create a subkey (DSA, I suppose);
> - start signing RPMs with the new key.
>=20
> I've made some tests, and now I've got a few questions:
> a) I believe I need to re-export the public key, since the expire date
> of the master key is changed. But I need to do this only once (now
> the expire is set to never). Is it true?
Yes. And you will need reexport after creation of every signing subkey.
> c) do I need to generate a new encryption subkey? (I guess not)
No, you don't.
> d) is it correct that I can just wait for the old keys to expire, and
> then just delete them from my keyring, with no need to revoke them?
No. If you want to delete old key, revoke it before.
> If I understand well, revoking a subkey will just add something to
> my pubkey saying 'this <keyid> is revoked', but if the key has expired
> it's completely useless. I can remove it from the target public keyrin=
g,
> but that's just cleaning up. Is there a way with gpg to remove expired
> keys from the keyring (or does it do that automagically)?
It is not useless since expired. Nothing prevents you from un-expiring it.
Alex
--=20
C _-=3D-_ H| Janusz A. Urbanowicz | ALEX3-RIPE | SF-F Framling | | =
* =09
; (_O : +-------------------------------------------------------------+ --=
+~|=09
! &~) ? | P=B3yn=B1=E6 chc=EA na Wsch=F3d, za Suez, gdzie jest dobrem ka=
=BFde z=B3o | l_|/=09
A ~-=3D-~ O| Gdzie przykaza=F1 brak dziesi=EAciu, a pi=E6 mo=BFna a=BF po d=
no; | | =20