best practices for creating keys

Peter Lebbing peter at
Fri Nov 27 11:32:37 CET 2015

On 23/11/15 21:31, James wrote:
> It appears that information I had read previously was erroneous. I was
> under the impression the capabilities (at least for the primary key)
> were set in stone, hence my apprehension at avoiding those insatiable
> knobs and gears I like to tinker with. ;)

Well, GnuPG doesn't provide an easy means to change them; it could be
that you would need to edit the source. However, that is hardly an
obstacle for an attacker who can write C code...

It shouldn't be difficult to write an ugly little hack to replace your
capabilities. The first thing that comes to mind is changing the code
creating the signature that extends the expiration date to create the
signature that sets capabilities. Compile, run, throw away.



I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <>

More information about the Gnupg-users mailing list