Mainkey with many subkeys??
gnupgpacker
gnupgpacker at on.yourweb.de
Mon Dec 8 16:28:49 CET 2014
Hello,
> -----Original Message-----
> From: Kristian Fiskerstrand
> Sent: Monday, December 08, 2014 12:44 PM
>
>> Main key has options SC. There is an active newer signing key S, so
>> this will be always used for signing?
> Correct
Why has the mainkey SC if signing is not used? Are there some compatibility reasons?
>> And what's about backward compatibility?
> Backwards compatibility in which capacity? Encryption subkeys are well
> supported, signing subkeys are not supported by older versions of PGP,
> but people should not be using these versions anyways.
I am working on some new keypairs with backwards compatibility, pls see this thread:
http://lists.gnupg.org/pipermail/gnupg-users/2014-December/051808.html
Some corporate partners are still using older versions of Symantec's PGP with WinXP, mostly for intranet. Problems with signing keys are known, sometimes it works, sometimes not. It is very difficult to rate compatibility because Symantec's enterprise support (!) isn't be able to send me old PGP versions for testing.
Compatibility seems to be depending on order of subkey creation:
If encryption key is latest, it is working.
If signing key is latest, mostly it is not working.
DSA signing keys are only accepted if max 2048 bit!?
If signing key is not the latest one and will be exchanged, it steps to last position => mostly not working.
And so on...
Best combination found so far:
Example-keystructure:
pub 4096R/97CA9679 erzeugt: 2014-11-22 verfällt: niemals Aufruf: C
Vertrauen: uneingeschränkt Gültigkeit: uneingeschränkt
sub 4096R/9D22119A erzeugt: 2014-11-22 verfällt: 2016-11-21 Aufruf: A
sub 2048D/37F05D01 erzeugt: 2014-11-22 verfällt: 2016-11-21 Aufruf: S
sub 4096R/884627F6 erzeugt: 2014-11-22 verfällt: 2016-11-21 Aufruf: E
[ unbek.] (1). vorname nachname (kommentar) <name at edu.com>
Is there any possibility to change order of subkeys in keypair?
Thanks for any hint, regards, Chris
More information about the Gnupg-users
mailing list