First steps with GPG, am I off to a good start?

Robin Kipp mlists at robin-kipp.net
Sat Oct 12 00:53:30 CEST 2013


Hi Hauke,

On 11.10.2013 at 03:32, Hauke Laging <mailinglisten at hauke-laging.de> wrote:

> 
> It seems to me that the more accepted recommendation here is to have separate 
> subkeys for signing and encryption.

That's something I simply wasn't sure about, but now I have revoked the old subkey, generated 2 new ones and submitted the new key to a keyserver. I will append the new public key at the end as well.

> I know of no good reason for creating a mainkey without expiration date.

Thanks! I changed that to something more reasonable for the main key now as well.

> 
> Furthermore it would be nice to have a UID without email address but with a 
> comment which explains the security of the key. Something like
> 
>   "Robin Kipp (normal security level subkeys with offline mainkey)"

This is something I'm not really sure about, for the reasons that Daniel pointed out in his reply - putting in such a 'dummy UID' might confuse someone wanting to sign my key, as it cannot be verified.

> 
> This should be explained in more detail in a key policy which you should make 
> publicly available and put its URL into the self signatures (see 
> --set-policy-url) for the UIDs (and maybe even the subkeys). You should also 
> set your preferred key server in the selfsigs (--default-keyserver-url).

As for the key policy, I'm still considering what to put in there. Right now, I'm just more concerned about my knowledge of GPG in general and getting my keys right, as I wouldn't want to sign someone else's key before my knowledge and understanding is more mature.
As for the preferred keyserver, I think Daniel's comment on that makes sense. For example, I use eu.pool.sks-keyservers.net, which links to a pool of servers rather than just a single server. I'm not sure if putting in an address like that would make sense at all…
Robin
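
Added example, not part of the original message: a small check of `gpg --with-colons --list-keys` output against two points raised in this thread (separate signing and encryption subkeys, an expiration date on the main key). Both listings are constructed, the key IDs and dates are placeholders, and the combined sign+encrypt subkey in BEFORE is an assumption about what such a key can look like.

```python
# Constructed listings in gpg's colon format: field 2 = validity (r = revoked),
# field 5 = key ID, field 7 = expiration (empty = never), field 12 = capabilities.
BEFORE = """\
pub:u:4096:1:AAAAAAAAAAAAAAAA:1381400000:::u:::scESC:
sub:u:2048:1:BBBBBBBBBBBBBBBB:1381400000::::::se:
"""
AFTER = """\
pub:u:4096:1:AAAAAAAAAAAAAAAA:1381400000:1444472000::u:::scESC:
sub:r:2048:1:BBBBBBBBBBBBBBBB:1381400000::::::se:
sub:u:2048:1:CCCCCCCCCCCCCCCC:1381530000:1413066000:::::s:
sub:u:2048:1:DDDDDDDDDDDDDDDD:1381530000:1413066000:::::e:
"""

def audit(colons: str) -> list[str]:
    """Return findings for one key listing in --with-colons format."""
    findings, live_sub_caps = [], []
    for line in colons.splitlines():
        f = line.split(":")
        if f[0] not in ("pub", "sub") or len(f) < 12:
            continue
        validity, keyid, expires = f[1], f[4], f[6]
        # Lowercase letters are this key's own capabilities; the capitals on
        # the pub line summarise the whole key and are ignored here.
        caps = {c for c in f[11] if c.islower()}
        if f[0] == "pub":
            if not expires:
                findings.append(f"primary {keyid}: no expiration date")
            continue
        if validity in ("r", "e"):  # revoked or expired subkeys do not count
            continue
        live_sub_caps.append(caps)
        if {"s", "e"} <= caps:
            findings.append(f"subkey {keyid}: signs and encrypts")
    for cap, name in (("s", "signing"), ("e", "encryption")):
        if not any(cap in caps for caps in live_sub_caps):
            findings.append(f"no usable {name} subkey")
    return findings

if __name__ == "__main__":
    for label, listing in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(listing) or "ok")
```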