1.4.3 // proper syntax for --edit-key cross-certify ?
vedaal at hush.com
vedaal at hush.com
Thu Apr 6 17:57:56 CEST 2006
David Shaw dshaw at jabberwocky.com wrote on
Thu Apr 6 17:03:44 CEST 2006 :
>PGP generated keys are not any different than GPG generated keys
in
>this regard. Go ahead and use a ! if you like.
yes,
but currently only from the command line
what i was asking for,
is a 'option' equivalent to '!'
to put into gpg.conf so that gnupg front ends will recognize and
use only the primary key for signing, and not the subkey
(which is still used for encryption)
i.e.
!-signing-key keyid
otherwise,
these are the user's choices:
[1] use only command line when signing
(ok, not so terrible,
but inconvenient/difficult for some people)
[2] use only pgp for signing
(what!?
and lose all gnupg's features ?!? ;-)
[not really an option for this group ;-) ]
[3] delete/revoke the subkey and use the master for both signing
and encrypting
[as a v3 user, i can live with this ;-) ],
but it is not the preferred way to go in terms of security,
as the signing and encrypting keys really should be separate
[4] make a new key in gnupg
(and try to get it out to everybody who trusts only your old ones),
ok,
but far less convenient than [1] and [3]
while the key is still trustworthy
is it that difficult to put the '!' feature in the options file ?
it would be much appreciated
Thanks!
vedaal
Concerned about your privacy? Instantly send FREE secure email, no account required
http://www.hushmail.com/send?l=480
Get the best prices on SSL certificates from Hushmail
https://www.hushssl.com?l=485
More information about the Gnupg-users
mailing list