GnuPG Manual and Digital Signatures

Todd A. Jacobs nospam@codegnome.org
Mon Sep 24 10:44:02 2001



From the manual:
Typically, a digital signature has a long lifetime, e.g., forever, and you also do not want to lose the signatures on your key that you worked hard to collect. On the other hand, the encryption subkey may be changed periodically for extra security, since if an encryption key is broken, the attacker can read all documents encrypted to that key both in the future and from the past.
From this, and other sections of the text, it appears to be saying that
there is no security implication in someone cracking the master key because it is only used to sign, and not to encrypt. To my way of thinking, though, the fact that someone might be able to forge my signature is at least as big a problem as allowing them to intercept messages with a compromised subkey. Have I misunderstood the manual on this point? Am I wrong in thinking that a signing key which never expires represents a danger?

-- 
Work: It's not just a job, it's an indenture.
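Added example (editor's, not part of Todd's message or of GnuPG): a small Python script that reads the machine-readable output of `gpg --list-keys --with-colons` and flags the two conditions the question turns on, a signing/certify-capable primary key with no expiration date, and a key whose encryption subkeys have all lapsed (so that nobody can encrypt to it any more, the other side of rotating subkeys periodically). The record layout follows GnuPG's doc/DETAILS (field 1 record type, field 5 key ID, field 6 creation date, field 7 expiration date, empty meaning never, field 12 capabilities with lowercase letters for the key itself). The listing embedded in the script is constructed for the example and the key IDs are made up; the two-year maximum subkey lifetime is an assumed local policy, not something the manual prescribes.

```python
"""Audit a GnuPG key listing for non-expiring signing keys and lapsed encryption subkeys.

Reads `gpg --list-keys --with-colons` output (field layout from GnuPG's doc/DETAILS).
This is an added example; the sample listing below is constructed with made-up key IDs.
"""
from __future__ import annotations

import datetime as dt
import sys
from dataclasses import dataclass, field

# Assumed local policy, not a GnuPG default: flag encryption subkeys valid for longer than this.
MAX_SUBKEY_LIFETIME = dt.timedelta(days=2 * 365)

# Constructed sample of `gpg --list-keys --with-colons` output (fake key IDs and fingerprints).
# Key 1: primary never expires, both encryption subkeys expired. Key 2: everything in date.
SAMPLE_LISTING = """\
tru::1:1600000000:0:3:1:5
pub:u:4096:1:0123456789ABCDEF:1500000000::::::scESC::::::23::0:
fpr:::::::::ABCDEF0123456789ABCDEF0123456789ABCDEF01:
uid:u::::1500000000::1234567890ABCDEF1234567890ABCDEF12345678::Example User <user@example.org>::::::::::0:
sub:u:4096:1:FEDCBA9876543210:1500000000:1531536000:::::e::::::23:
sub:u:4096:1:0F1E2D3C4B5A6978:1531536000:1563072000:::::e::::::23:
pub:u:255:22:1122334455667788:1600000000:1631536000:::::scESC::::::23::0:
fpr:::::::::1122334455667788112233445566778811223344:
uid:u::::1600000000::FEDCBA9876543210FEDCBA9876543210FEDCBA98::Other User <other@example.org>::::::::::0:
sub:u:255:18:8877665544332211:1600000000:1615795200:::::e::::::23:
"""


def parse_date(s: str) -> dt.datetime | None:
    """GnuPG prints seconds since the epoch, or ISO 8601 basic ('20240131T120000'); empty = never."""
    if not s:
        return None
    if "T" in s:
        return dt.datetime.strptime(s, "%Y%m%dT%H%M%S").replace(tzinfo=dt.timezone.utc)
    return dt.datetime.fromtimestamp(int(s), tz=dt.timezone.utc)


@dataclass
class Key:
    keyid: str
    created: dt.datetime
    expires: dt.datetime | None
    caps: str  # this key's own capabilities: s=sign, c=certify, e=encrypt, a=authenticate


@dataclass
class PrimaryKey(Key):
    uids: list[str] = field(default_factory=list)
    subkeys: list[Key] = field(default_factory=list)


def parse_listing(text: str) -> list[PrimaryKey]:
    """Group pub/uid/sub records into primary keys; other record types (tru, fpr) are skipped."""
    keys: list[PrimaryKey] = []
    for line in text.splitlines():
        f = line.split(":")
        if f[0] == "pub" and len(f) > 11:
            own_caps = "".join(c for c in f[11] if c.islower())
            keys.append(PrimaryKey(f[4], parse_date(f[5]), parse_date(f[6]), own_caps))
        elif f[0] == "uid" and keys and len(f) > 9:
            keys[-1].uids.append(f[9])
        elif f[0] == "sub" and keys and len(f) > 11:
            own_caps = "".join(c for c in f[11] if c.islower())
            keys[-1].subkeys.append(Key(f[4], parse_date(f[5]), parse_date(f[6]), own_caps))
    return keys


def audit(keys: list[PrimaryKey], now: dt.datetime) -> list[tuple[str, str]]:
    """Return (key ID, problem) pairs for lifetime problems found in the listing."""
    findings: list[tuple[str, str]] = []
    for pk in keys:
        if ("s" in pk.caps or "c" in pk.caps) and pk.expires is None:
            findings.append((pk.keyid, "primary signing/certify key never expires"))
        elif pk.expires is not None and pk.expires <= now:
            findings.append((pk.keyid, "primary key expired on " + pk.expires.date().isoformat()))
        live_encryption_subkeys = 0
        for sk in pk.subkeys:
            if "e" not in sk.caps:
                continue
            if sk.expires is None:
                findings.append((sk.keyid, "encryption subkey never expires"))
                live_encryption_subkeys += 1
                continue
            if sk.expires > now:
                live_encryption_subkeys += 1
            if sk.expires - sk.created > MAX_SUBKEY_LIFETIME:
                days = (sk.expires - sk.created).days
                findings.append((sk.keyid, f"encryption subkey valid for {days} days"))
        if live_encryption_subkeys == 0:
            findings.append((pk.keyid, "no unexpired encryption subkey: nobody can encrypt to this key"))
    return findings


def audit_listing(text: str, now_epoch: int) -> list[tuple[str, str]]:
    """Convenience wrapper: parse a colon listing and audit it as of the given epoch time."""
    return audit(parse_listing(text), dt.datetime.fromtimestamp(now_epoch, tz=dt.timezone.utc))


if __name__ == "__main__":
    # Pipe `gpg --list-keys --with-colons` in; with no input, audit the constructed sample.
    text = "" if sys.stdin.isatty() else sys.stdin.read()
    now = dt.datetime.now(tz=dt.timezone.utc)
    for keyid, problem in audit(parse_listing(text or SAMPLE_LISTING), now):
        print(f"{keyid}: {problem}")
```

Run it against a real keyring with `gpg --list-keys --with-colons | python3 audit_keys.py` (the file name is my choice). One caveat worth keeping in mind when reading the findings: an expiration date on the primary key limits how long the key is honoured, but it does not undo signatures already made, and whoever holds the secret key can extend the expiry with `gpg --edit-key`; the mechanism for a compromised primary key is a revocation certificate, which `gpg --gen-revoke` can produce ahead of time.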