Keytypes and changing them

Christoph Anton Mitterer cam at
Tue Nov 8 16:22:16 CET 2005

David Shaw wrote:

>On Tue, Nov 08, 2005 at 03:29:39PM +0100, Christoph Anton Mitterer wrote:
>>>Yes.  Many people do it this way, including myself.  It's not actually
>>>an RSA-S key (that's deprecated), but a regular RSA key with the S
>>>flag set.  However, you don't actually want to change the primary from
>>>CS to C.
>>Why not? *g* Of course I could just don't use my primary key for signing 
>>plain data,.. but I think it would be better to indicate that with the 
>>flag, too.
Uhm,.. don't know *g* but I think the implementors of RFC2440 did not 
include that without a reason =)

>>And again,.. is it posible to change the flag on an existing key? And 
>>how is it done? Via a selfsignature? If so, I could change the flag to 
>>C, indicating everybody that I'm using the primary key for 
>>signing-other-keys-only and if someone should insist on 
>>challenge-response I could use the --expert flag or store a local-only 
>>version of the key (e.g. in an seperate .gnupg dir) that contains the 
>>key with CS.
>Well, sure, given a particular effect you want to achieve, you can
>always come up with a hideously complicated way to do it involving
>multiple copies of the key and extra work.  Most people like to do it
>the easy way.
Ok,.. I give up ... :'-(   ;-)

Thanks anyway :)

Best wishes,
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cam.vcf
Type: text/x-vcard
Size: 449 bytes
Desc: not available
Url : /pipermail/attachments/20051108/896dfa91/cam.vcf

More information about the Gnupg-users mailing list