Certification-only key

Lionel Elie Mamane lionel at mamane.lu
Mon Sep 5 21:35:50 CEST 2005

On Mon, Sep 05, 2005 at 01:46:07PM -0400, David Shaw wrote:
> On Mon, Sep 05, 2005 at 04:41:40PM +0200, Lionel Elie Mamane wrote:

>> I tried to generate an RSAv4 certification-only key with GnuPG, but
>> failed, even in "expert mode".

>> Is this impossible with GnuPG? Is it a bad idea? Why? Do I
>> misunderstand the RFC?

> It's not impossible - 1.4.3 (not released yet) supports certify-only
> keys like you want.

OK, thanks.

> It's not necessarily a good idea though: some people before agreeing
> to sign a key will ask for a signed message to prove that you "own"
> the secret portion of the key they are about to sign.

I would obviously have at least one data-signing subkey. I presume
these people would take a signature from such a subkey. Or decryption
of a nonce they sent me encrypted to an encryption subkey.

> Why do you want such a key?

First, separation of roles. Doesn't hurt. More importantly, my wishes
on the primary key and on data signature keys are different. The
primary key is my electronic identity; it should be humongous. If it
can hold secure for all my life, then I want it to. My data
signatures, on the other hand, for most of them, a week of security is
enough (but sometimes a few years is nice). Paying the cost of big
signature size is less worth it, at least until computers again get
too fast or factorisation becomes easier or ... Maybe I even *want*
them to fade away into fakability over time. Who knows what I will be
in twenty years? I may be so unlucky as to be a politician then. I
wouldn't want some of my teenage opinions or acts to haunt me back,
would I?

You could argue I could have this without marking the key as
certificate-only, by never issuing data signatures with the primary
key. That's harder on me. I have to be more cautious. Over the course
of twenty years, I *will* screw up.

Now, I'm starting to wonder if I can retroactively change the
capabilities of the key. I just have to reissue the self-signature on
the UserIDs, right? (Yes, I'd have to hack GnuPG to allow me to change
the key flags.)

