Mainkey with many subkeys??

Kristian Fiskerstrand kristian.fiskerstrand at sumptuouscapital.com
Mon Dec 8 12:43:41 CET 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 12/08/2014 10:12 AM, gnupgpacker wrote:
> Kristian, I am a little bit confused about your key design ;)

Fair enough,

> 
> Main key has options SC. There is an active newer signing key S, so
> this will be always used for signing?

Correct

> 
> And there are two active encryption keys E: GPG uses in my opinion
> only the key generated latest, isn't it?

Normally yes, the reason there is currently two active is that I
generate new encryption subkeys once a year, and we're now in overlap
with one of them expiring at the end of this year. For users
refreshing the keyring they will normally use the newest one already,
but this overlap reduce the likelihood of unavailability due to expiry.

> 
> So how to desire which key is used?
> 
> And what's about backward compatibility?

Backwards compatibility in which capacity? Encryption subkeys are well
supported, signing subkeys are not supported by older versions of PGP,
but people should not be using these versions anyways.

> 
> Thanks for any hint, regards, Chris
> 
> 
>> -----Original Message----- From: Gnupg-users
>> [mailto:gnupg-users-bounces at gnupg.org] On Behalf Of Kristian
>> Fiskerstrand Sent: Sunday, December 07, 2014 10:16 PM Tomo:
>> you'll find that my key have a few subkeys at least due to these 
>> practises. It doesn't provide any issue for either keyservers or
>> to use more generally, but you are correct in that the
>> information is retained.
> 


- -- 
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
Qui audet vincit
Who dares wins
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJUhY7rAAoJEPw7F94F4Tag3yUQAICnV50KMARiBgGMlvEc7Lmt
eck7/pO0h9VddCSWcMa05tsQOdyqN09n+usNiIbjQESIMMLu9SUVUxcj53SfWFan
DYMSWr913m7jGrUGSJTeQmbEJn2O8yDqlNV7XYo0omJ+tz6aAbflwX4WG2dTkzLq
mDb4RIEuf1og7tQe9yxEORr39wWO2hG/72jHur2xdMOjIX8MZ0OPgDy3Cc0Us7dh
xjSk4OZ2kdWk18OS4P024CIb4dKKAs/zmUuWrlLhPSuzSaT+xfXAtPkLCFoAYsNA
YeHcCJccpiFThtlgIVLHaDVydWjIk05R+kW28nIGLx9euOUJgDEp/M8hdsLmDB3f
8ersFiJMvgcrf/QjCqA3rnmeO1wuUl5cErkLIn0XexJwyhnvpZFa0xyqOJBXqyjd
UZ4O7fM/2WGhH3tC+fzCP0AjLU69eCjs1ExO/83Pr3pu1Na09Ld4oQJXbCq+XveG
8OqsDzh16mgw70lckKMdYHoRytuQBQCXh4NHrSVHj//sw4I43MDsCR4HsVcuP4WW
znm5hTB5FAekJ/Q7zL2oo0fr6Z51AIBw61aF4ex093gZo06E/w0YhDXnz8Yf/fdX
9PDNTn9NAl1/VAOmtG0QEzl2o+u3fvYGkqIhuu6dnpq7Z6d8nIYIv62wG5xCZHwb
PHkPnqriZVGHD4Ozk6Dv
=UNme
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list