First steps with GPG, am I off to a good start?
mailinglisten at hauke-laging.de
Fri Oct 11 03:32:11 CEST 2013
On Fri 11.10.2013, 01:25:50 Robin Kipp wrote:
> Invoked addkey to generate a 2048 bit RSA sub key, with
> encryption and signing capabilities.
It seems to me that the more accepted recommendation here is to have separate
subkeys for signing and encryption.
> 6. Exported all secret and public keys to a secure medium, also exported the secret sub keys.
> 7. Rebooted to my production system, imported the public keys and the secret subkeys.
> For public keys:
> MacBook-Pro:~ robin$ gpg --list-keys DC329876
> pub 2048R/DC329876 2013-10-10
> uid Robin Kipp <robin at robin-kipp.net>
> uid Robin Kipp <mlists at robin-kipp.net>
> uid Robin Kipp <robin at debspace.org>
> sub 2048R/77DFFF08 2013-10-10 [expires: 2013-11-09]
I know of no good reason for creating a mainkey without an expiration date.
Furthermore it would be nice to have a UID without email address but with a
comment which explains the security of the key. Something like
"Robin Kipp (normal security level subkeys with offline mainkey)"
This should be explained in more detail in a key policy which you should make
publicly available and put its URL into the self signatures (see
--set-policy-url) for the UIDs (and maybe even the subkeys). You should also
set your preferred key server in the selfsigs (--default-keyserver-url).
> since this may not be widely available on keyservers just yet
> Could someone on this list perhaps be so kind and see if I've
> made any mistakes?
One may call that the best sequence of steps but one... ;-)
Crypto for everyone: http://www.openpgp-schulungen.de/fuer/bekannte/
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
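A check for the two points raised in the reply above (a mainkey without an expiration date, and one subkey used for both signing and encryption), as an added example that is not part of the original message. It reads `gpg --list-keys --with-colons` output; the function names, the sample listing and its key IDs are constructed for illustration.

```shell
#!/bin/sh
# Audit a colon-format key listing, e.g.:
#   gpg --list-keys --with-colons KEYID | audit_key_listing
# Fields used (GnuPG colon format):
#   1 = record type (pub/sub), 2 = validity, 5 = key ID,
#   7 = expiration date (empty means the key never expires),
#   12 = capabilities (lowercase letters are this key's own: s, e, c, a)

audit_key_listing() {
    awk -F: '
        # Primary key with an empty expiration field never expires.
        $1 == "pub" && $7 == "" {
            printf "WARN primary %s: no expiration date\n", $5
        }
        # Ignore revoked (r) and expired (e) subkeys, they are no longer used.
        $1 == "sub" && $2 != "r" && $2 != "e" {
            if ($12 ~ /s/ && $12 ~ /e/)
                printf "WARN subkey %s: both signing and encryption\n", $5
        }
    '
}

# Constructed sample that mirrors the layout described in the thread:
# a non-expiring primary key and a single sign+encrypt subkey.
# Key IDs are placeholders, not real keys.
sample_listing() {
    cat <<'EOF'
pub:u:2048:1:1111111111111111:1381363200:::u:::scESC:
uid:u::::1381363200::0000000000000000000000000000000000000000::Example User <user@example.org>:
sub:u:2048:1:2222222222222222:1381363200:1383955200:::::es:
EOF
}

# Constructed sample of the recommended layout: expiring primary,
# one signing subkey and one encryption subkey.
sample_listing_split() {
    cat <<'EOF'
pub:u:2048:1:3333333333333333:1381363200:1412899200::u:::scESC:
sub:u:2048:1:4444444444444444:1381363200:1383955200:::::s:
sub:u:2048:1:5555555555555555:1381363200:1383955200:::::e:
EOF
}

sample_listing | audit_key_listing
```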