best practices for creating keys
Peter Lebbing
peter at digitalbrains.com
Fri Nov 27 11:32:37 CET 2015
On 23/11/15 21:31, James wrote:
> It appears that information I had read previously was erroneous. I was
> under the impression the capabilities (at least for the primary key)
> were set in stone, hence my apprehension at avoiding those insatiable
> knobs and gears I like to tinker with. ;)
Well, GnuPG doesn't provide an easy means to change them; it could be
that you would need to edit the source. However, that is hardly an
obstacle for an attacker who can write C code...
It shouldn't be difficult to write an ugly little hack to replace your
capabilities. The first thing that comes to mind is changing the code
creating the signature that extends the expiration date to create the
signature that sets capabilities. Compile, run, throw away.
HTH,
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
More information about the Gnupg-users
mailing list