Keytypes and changing them
Christoph Anton Mitterer
cam at mathematica.scientia.net
Tue Nov 8 16:22:16 CET 2005
David Shaw wrote:
>On Tue, Nov 08, 2005 at 03:29:39PM +0100, Christoph Anton Mitterer wrote:
>
>
>>>Yes. Many people do it this way, including myself. It's not actually
>>>an RSA-S key (that's deprecated), but a regular RSA key with the S
>>>flag set. However, you don't actually want to change the primary from
>>>CS to C.
>>>
>>>
>>Why not? *g* Of course I could just don't use my primary key for signing
>>plain data,.. but I think it would be better to indicate that with the
>>flag, too.
>>
>>
>Why?
>
>
Uhm,.. don't know *g* but I think the implementors of RFC2440 did not
include that without a reason =)
>>And again,.. is it posible to change the flag on an existing key? And
>>how is it done? Via a selfsignature? If so, I could change the flag to
>>C, indicating everybody that I'm using the primary key for
>>signing-other-keys-only and if someone should insist on
>>challenge-response I could use the --expert flag or store a local-only
>>version of the key (e.g. in an seperate .gnupg dir) that contains the
>>key with CS.
>>
>>
>Well, sure, given a particular effect you want to achieve, you can
>always come up with a hideously complicated way to do it involving
>multiple copies of the key and extra work. Most people like to do it
>the easy way.
>
Ok,.. I give up ... :'-( ;-)
Thanks anyway :)
Best wishes,
Chris.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cam.vcf
Type: text/x-vcard
Size: 449 bytes
Desc: not available
Url : /pipermail/attachments/20051108/896dfa91/cam.vcf
More information about the Gnupg-users
mailing list