Keytypes and changing them

David Shaw dshaw at jabberwocky.com
Tue Nov 8 15:42:11 CET 2005


On Tue, Nov 08, 2005 at 03:29:39PM +0100, Christoph Anton Mitterer wrote:
> >Yes.  Many people do it this way, including myself.  It's not actually
> >an RSA-S key (that's deprecated), but a regular RSA key with the S
> >flag set.  However, you don't actually want to change the primary from
> >CS to C.
> > 
> >
> Why not? *g* Of course I could just not use my primary key for signing 
> plain data,.. but I think it would be better to indicate that with the 
> flag, too.

Why?

> And again,.. is it possible to change the flag on an existing key? And 
> how is it done? Via a selfsignature? If so, I could change the flag to 
> C, indicating to everybody that I'm using the primary key for 
> signing-other-keys-only and if someone should insist on 
> challenge-response I could use the --expert flag or store a local-only 
> version of the key (e.g. in a separate .gnupg dir) that contains the 
> key with CS.

Well, sure, given a particular effect you want to achieve, you can
always come up with a hideously complicated way to do it involving
multiple copies of the key and extra work.  Most people like to do it
the easy way.

> >>5) Would it change my primary key in such a way, that it renders the 
> >>signatures that I've already received from other users invalid?
> >>   
> >>
> >No.  This does not affect third-party signatures.
> > 
> >
> Good,.. so I could change this as often as I'd like to, correct?

If such a feature existed in GnuPG, yes.

David


