Master Key Best Practice with SmartCard

Antoine Michard antoine.michard at chezgeek.fr
Mon Jan 25 11:08:31 CET 2016


Hi all,

In July when I've created my Master Key, I didn't use --expert option
and now my master key is Cert and Sign and got 2 subkey for encryption
(+1 revoke).

pub  4096R/0882B381  créé : 2015-07-04  expire : jamais utilisation : SC
                     confiance : ultime        validité : ultime
sub  4096R/D693C37C  créé : 2015-07-04  expire : jamais utilisation : E
sub  4096R/AF2FF242  créé : 2015-07-04  expire : 2018-07-03  utilisation : S
La clef suivante a été révoquée le 2016-01-21 par la clef RSA 0882B381
Antoine Michard <antoine.michard at chezgeek.fr>
sub  4096R/8FB824DE  créé : 2015-07-04  révoquée : 2016-01-21
utilisation : E

sub  4096R/48D8D3B6  créé : 2015-07-05  expire : 2018-07-04 utilisation : A
sub  4096R/DDCE51A2  créé : 2016-01-21  expire : 2018-07-03 utilisation : E
[  ultime ] (1). Antoine Michard <antoine.michard at chezgeek.fr>
[  ultime ] (2)  Antoine Michard <michard.antoine at gmail.com>
[  ultime ] (3)  Mitch <mitch911 at free.fr>

It's work well except that for https://encrypt.to, he use my first
encryption key and I can't decrypt it with my Smartcard.

So I thinking what is the best to do next:
- Delete my useless first subkey encryption from my keyring and send
update to key server.
- Recreate a new master key with only cert role and create all my subkey
(S E A) and copy it to my Smart Card.

What your advice on it ?? Nobody have sign my key and I can rencrypt my
data.

-- 
Antoine Michard
GPG Key: 0xF5C9E7CD0882B381

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20160125/9f77ad45/attachment-0001.sig>


More information about the Gnupg-users mailing list