multiple signing keys

Marco Colombo marco@esi.it
Thu Sep 6 15:32:01 2001


Thanks for your answer, Alex.

On Thu, 23 Aug 2001, Janusz A. Urbanowicz wrote:


> Marco Colombo wrote/napisał[a]/schrieb:
> >
> > So, I think I need to:
> > - modify the expire date of the master key (with --edit-key);
> > - create a subkey (DSA, I suppose);
> > - start signing RPMs with the new key.
> >
> > I've made some tests, and now I've got a few questions:
> > a) I believe I need to re-export the public key, since the expire date
> > of the master key is changed. But I need to do this only once (now
> > the expire is set to never). Is it true?
>
> Yes. And you will need reexport after creation of every signing subkey.
>
> > c) do I need to generate a new encryption subkey? (I guess not)
>
> No, you don't.
>
> > d) is it correct that I can just wait for the old keys to expire, and
> > then just delete them from my keyring, with no need to revoke them?
>
> No. If you want to delete old key, revoke it before.
>
> > If I understand well, revoking a subkey will just add something to
> > my pubkey saying 'this <keyid> is revoked', but if the key has expired
> > it's completely useless. I can remove it from the target public keyring,
> > but that's just cleaning up. Is there a way with gpg to remove expired
> > keys from the keyring (or does it do that automagically)?
>
> It is not useless since expired. Nothing prevents you from un-expiring it.

I see. So, generally speaking, it is not advisable to remove expired keys,
since they can be un-expired later. But if I delete the (private) key, no one
can un-expire it (not even me), true?

An example:
- I create a signing key, with expire 2002-01-01, and export it to the target
  hosts;
- On 2002-01-01, it expires.
- On 2002-01-04, I change the expire date, and sign something with it.
- I DO NOT re-export it to targets.

Do target hosts verify the signature as good or bad? If it is good, then I
see the need to revoke the key, but then I don't understand what 'expire'
means. If it is bad, then I guess I need to export the key again to the
target hosts. But if an attacker is able to do that (and here the keyring on
the target hosts is root's one), he can add ANY key to the keyring.
>
> Alex
>
.TM.
-- 
Marco Colombo
Technical Manager
ESI s.r.l.
Colombo@ESI.it
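The scenario in the message above (key exported with an expiry, later un-expired and used to sign, target never receives the new copy), run end to end as an added example that is not part of the original thread. It needs GnuPG 2.1 or later for --quick-generate-key and --quick-set-expire; the user ID, the directory names, the payload file and the faked 2001 clock are all hypothetical, and the function prints SKIP when a suitable gpg is not installed.

```bash
#!/usr/bin/env bash
# Added example, not from the original thread.  Two isolated GnuPG homes:
# "signer" creates a key that expires on 2002-01-01 (clock faked to 2001),
# exports it to "target", later extends the expiry and signs a file; "target"
# verifies once with its stale copy and once after a fresh export.
# Assumes GnuPG >= 2.1.  User ID, paths and dates are hypothetical.

# Reduce a --status-fd dump to the single verdict token we care about.
verdict() {
    awk '$1 == "[GNUPG:]" && ($2 == "GOODSIG" || $2 == "EXPKEYSIG" ||
                              $2 == "BADSIG"  || $2 == "ERRSIG") { print $2; exit }'
}

demo_expiry() {
    if ! command -v gpg >/dev/null 2>&1 ||
       ! gpg --dump-options 2>/dev/null | grep -q '^--quick-set-expire$'; then
        echo "SKIP"; return 0
    fi
    local work signer target fpr before after h
    work=$(mktemp -d) || return 1
    signer="$work/signer"; target="$work/target"
    mkdir -m 700 "$signer" "$target"
    echo "rpm payload (constructed sample input)" > "$work/pkg"

    # --- signer, "in 2001": key that expires 2002-01-01 -----------------------
    local t2001=999999999      # 2001-09-09 UTC, fed to --faked-system-time
    GNUPGHOME=$signer gpg --batch --quiet --faked-system-time "$t2001" \
        --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Demo Signer <signer@example.invalid>' rsa2048 sign 2002-01-01 \
        2>/dev/null || { echo "ERROR keygen"; return 1; }
    fpr=$(GNUPGHOME=$signer gpg --batch --with-colons --list-secret-keys 2>/dev/null |
          awk -F: '$1 == "fpr" { print $10; exit }')
    # The copy the target hosts received back then.
    GNUPGHOME=$signer gpg --batch --armor --export "$fpr" > "$work/old.asc" 2>/dev/null

    # --- signer, real clock (well past 2002-01-01): un-expire, then sign -------
    GNUPGHOME=$signer gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-set-expire "$fpr" 0 2>/dev/null || { echo "ERROR set-expire"; return 1; }
    GNUPGHOME=$signer gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --detach-sign --output "$work/pkg.sig" "$work/pkg" 2>/dev/null ||
        { echo "ERROR sign"; return 1; }
    GNUPGHOME=$signer gpg --batch --armor --export "$fpr" > "$work/new.asc" 2>/dev/null

    # --- target: verify with the stale copy, then with the re-exported one ----
    GNUPGHOME=$target gpg --batch --quiet --import "$work/old.asc" 2>/dev/null
    before=$(GNUPGHOME=$target gpg --batch --status-fd 1 --verify \
             "$work/pkg.sig" "$work/pkg" 2>/dev/null | verdict)
    GNUPGHOME=$target gpg --batch --quiet --import "$work/new.asc" 2>/dev/null
    after=$(GNUPGHOME=$target gpg --batch --status-fd 1 --verify \
            "$work/pkg.sig" "$work/pkg" 2>/dev/null | verdict)

    for h in "$signer" "$target"; do
        GNUPGHOME=$h gpgconf --kill gpg-agent 2>/dev/null || true
    done
    rm -rf "$work"
    echo "before_reexport=$before after_reexport=$after"
}

demo_expiry
```

GnuPG judges expiry from the copy of the key the verifier holds and the verifier's own clock, not from the signature's timestamp, so the stale target reports EXPKEYSIG (signature is mathematically good, key is expired as far as that host knows) and only flips to GOODSIG once the re-exported key with the new self-signature is imported. That is the practical reading of "expire": it is a statement carried in the public key, so a host that never receives the updated key keeps treating the key as expired, and whatever can write to root's target keyring can of course make any key look current.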