Keytypes and changing them
David Shaw
dshaw at jabberwocky.com
Tue Nov 8 15:42:11 CET 2005
On Tue, Nov 08, 2005 at 03:29:39PM +0100, Christoph Anton Mitterer wrote:
> >Yes. Many people do it this way, including myself. It's not actually
> >an RSA-S key (that's deprecated), but a regular RSA key with the S
> >flag set. However, you don't actually want to change the primary from
> >CS to C.
> >
> >
> Why not? *g* Of course I could just not use my primary key for signing
> plain data,.. but I think it would be better to indicate that with the
> flag, too.
Why?
> And again,.. is it possible to change the flag on an existing key? And
> how is it done? Via a self-signature? If so, I could change the flag to
> C, indicating to everybody that I'm using the primary key for
> signing-other-keys-only and if someone should insist on
> challenge-response I could use the --expert flag or store a local-only
> version of the key (e.g. in a separate .gnupg dir) that contains the
> key with CS.
Well, sure, given a particular effect you want to achieve, you can
always come up with a hideously complicated way to do it involving
multiple copies of the key and extra work. Most people like to do it
the easy way.
> >>5) Would it change my primary key in such a way, that it renders the
> >>signatures that I've already received from other users invalid?
> >>
> >>
> >No. This does not affect third-party signatures.
> >
> >
> Good,.. so I could change this as often as I'd like to, correct?
If such a feature existed in GnuPG, yes.
David