Multiple sub-signingkeys

Per Tunedal pt@radvis.nu
Wed Apr 30 09:56:01 2003


At 09:02 2003-04-28 +0200, you wrote:
 >[reply on list please]
 >On Saturday 26 April 2003 21:13, Per Tunedal wrote:
 >
 >> This crippled key can be used on an insecure computer, while your complete
 >> key can be used on a secure computer. When listing secret keys for the
 >> original key the primary key is shown without the #.
 >>
 >> You can thus easily see what secret keys are present in each keyring.
 >>
 >> (If I am right it might be a good idea to emphasize this on your page,
 >> Adrian!)
 >
 >I guess you mean this part:
 >+--
 >| To verify that you really don't have any secret keys you don't want, 
have a
 >| look at the output of "gpg --list-secret-keys", your primary secret key
 >| should be marked with a '#':
 >+--
 >
 >Hmm. I'm not entirely sure what exactly you feel I should clarify. Would
 >something like
 >
 >+--
 >| ...should be marked with a '#' (this means that the 'primary key' you're
 >| seeing is really only a placeholder and does not contain the secret key
 >| data.):
 >+--
 >
 >clarify it in the way you thought?
 >
 >cheers
 >-- vbi
 >
Hi Adrian,
yes that's better. But the # is not so apparent and I missed the meaning 
though I read your page several times. Maybe you should mention the 
opposite too:

e.g. "When listing secret keys for the
  original complete key the primary key is shown without the #."

The presence/absence of the # is a very cryptical (!) way of supplying very 
important information! Thus this has to be explained very thoroughly.

I would like to suggest some printout in plaintext from GPG in a future 
release!

Per Tunedal