Questions about generating keys

David Shaw dshaw at
Wed Aug 22 18:37:52 CEST 2007

On Wed, Aug 22, 2007 at 01:06:18PM +0300, Oskar L. wrote:
> I'm about to generate a new keypair, and got a few questions.
> I have many e-mail addresses and change them frequently, and therefore I
> don't want to have one in my public key. (Also because I'm afraid of
> getting spam.) I think this would be easier than having to update a lot of
> user IDs. Are there any drawbacks in not having an e-mail address in
> the public key? Are there any widely used applications that will expect
> one, and not work if none is found?

Yes.  Mail programs tend to fetch keys by email address (out of
necessity - that's usually all they know about the person being

> Why is there no way to generate an RSA keypair in one step, like when you
> create a DSA/Elgamal keypair? Why do I first have to create a signing key,
> and then in a separate step create an encryption key? This is annoying.

No real reason, except it would make the list of key types very long
if every possible combination was listed (RSA primary/Elgamal subkey,
DSA primary/RSA subkey, RSA primary/RSA subkey, DSA primary/Elgamal

> "Name must be at least 5 characters long"
> Why? There are probably many people who like to go only by their first
> name, and have a 3 or 4 character name.

It's not common, and keeping a 5 character name helps prevent errors
(mistyping).  If you really have a name that short, you can use the
--allow-freeform-uid to override the test.

> Is there any way to manually set the time that will be used for the
> creation time? Or do I have to change the system time if I don't want to
> use the current time? I'm a bit of a perfectionist, and think 00:00:00
> looks much better than something like 01:42:57.

As it happens, this will probably be possible in an upcoming version,
but for other reasons.  That said: I wouldn't bother - it changes
nothing about the key and is completely cosmetic.

