RSA subkeys

Atom Smasher atom at smasher.org
Thu Feb 3 17:24:39 CET 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Thu, 3 Feb 2005, David wrote:

> Hello,
>
> I'm using gpg 1.2.1 on RH9.
=============

gpg 1.4 is better. no comment on RH9.


> I consider generating RSA key as described:
>
> master 2048 RSA key sign only, used for signing sub-keys, doesn't expire
>                 |
>                 |- 2048 RSA sign sub-key, for signing docs, expires
>                 |
>                 |- 4096 RSA encryption sub-key, expires
>
> 1. I plan to generate a new sub-key shortly before the previous one
>   expires. Will my recipients consider the new sub-key as valid since
>   it is signed by the master key?
================

why not update the expiration date on the subkeys, and keep them? if 
they're not compromised there's no reason to throw them away.


> 2. Are there any compatibility issues I should consider?
=================

RSA support is optional in rfc2440. i've been using an RSA only key for a 
while with no problems, mostly with other gpg users.


- -- 
         ...atom

  _________________________________________
  PGP key - http://atom.smasher.org/pgp.txt
  762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
  -------------------------------------------------

 	"The shepherd drives the wolf from the sheep's for which
 	 the sheep thanks the shepherd as his liberator, while the
 	 wolf denounces him for the same act as the destroyer of
 	 liberty. Plainly, the sheep and the wolf are not agreed
 	 upon a definition of liberty."
 		-- Abraham Lincoln

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures

iQEcBAEBCAAGBQJCAlBNAAoJEAx/d+cTpVcifcgIAIU35WoazW2SArq1tZoENtS0
IONPyp8KvoMkqgcDXFomHNd56yeDqtdSeuXjnwQQI+hsh+NBXzZPC2By/EoZi3FI
V8EQpj6g5jCitvxfZHmdU17R6DlDhndh+wp1kT8bP6IHOQFmrptopyhta0tBD2od
9SylW8krjz1ChjPEeEhEeM8PP9hxVgcWwg4c0oH6B2VLTToC3P21nzD/Qm77y0/x
dzEhoYFAjP7SeOp269kAZCyxnhrU2mE9TF9zuyyYn36t93OTRbuf4xVwz46rcCiB
BEKc7KBovb3263Y1FcXYpXm6qDujDyyaqPcR+tMTJ9xXEvSUk54dOjYxmu5iiYM=
=hGI4
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list