Keytypes and changing them

Christoph Anton Mitterer cam at
Tue Nov 8 12:27:13 CET 2005

Hi folks!

Ok,.. I know that you can set at least the following flags to specify 
the purpose of a key:
A - authorsation
C - certification
E - encryption
S - signation

Ok,.. as far as I understood, if a key is C-only that this indicates 
that it is used solely for signing other keys, but not for signing 
normal data, correct?

Ok,.. I thought about that and came to the result - correct me if I'm 
wrong - that it would be more secure to use the primary key only for 
certificating other keys (and of course for self-sigs).

Ok my current key looks like the following:
primary: CS, RSA-S, 4096 bit
secondary: E, ElGamal, 4096 bit

So I think it would be better to have the following:
primary: C, RSA-S, 4096 bit
secondary: S, RSA-S, 4096 bit
secondary: E, ElGamal, 4096 bit

1) Is it advisable at all?
2) Can I change this with GPG (without having to create a new key, of 
3) If not: Is this function going to be intruduced in GPG the next time?
4) If not: How could I do that else?
5) Would it change my primary key in such a way, that it renders the 
signatures that I've already received from other users invalid?

Best wishes,
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cam.vcf
Type: text/x-vcard
Size: 449 bytes
Desc: not available
Url : /pipermail/attachments/20051108/206b6edd/cam.vcf

More information about the Gnupg-users mailing list