1.4.3 // proper syntax for --edit-key cross-certify ?

vedaal at hush.com vedaal at hush.com
Thu Apr 6 17:57:56 CEST 2006

David Shaw dshaw at jabberwocky.com wrote on
Thu Apr 6 17:03:44 CEST 2006 :

>PGP generated keys are not any different than GPG generated keys 
>this regard.  Go ahead and use a ! if you like.

but currently only from the command line

what i was asking for,
is a 'option' equivalent to '!'
to put into gpg.conf so that gnupg front ends will recognize and 
use only the primary key for signing, and not the subkey
(which is still used for encryption)

!-signing-key keyid

these are the user's choices:

[1] use only command line when signing
(ok, not so terrible,
but inconvenient/difficult for some people)

[2] use only pgp for signing
and lose all gnupg's features ?!? ;-)
[not really an option for this group ;-) ]

[3] delete/revoke the subkey and use the master for both signing 
and encrypting
[as a v3 user, i can live with this ;-)  ],
but it is not the preferred way to go in terms of security,
as the signing and encrypting keys really should be separate

[4] make a new key in gnupg
(and try to get it out to everybody who trusts only your old ones),
but far less convenient than [1] and [3]
while the key is still trustworthy

is it that difficult to put the '!' feature in  the options file ?

it would be much appreciated 



Concerned about your privacy? Instantly send FREE secure email, no account required

Get the best prices on SSL certificates from Hushmail

More information about the Gnupg-users mailing list