Ben McGinnes ben at adversary.org
Fri Mar 25 10:21:34 CET 2016

On Tue, Mar 22, 2016 at 10:56:27PM +0000, Andrew Gallagher wrote:
> IMHO the only thing to do with E-usage primary keys is revoke them
> and start again from scratch. The only reason they are even still
> allowed in GPG is for backwards compatibility, right...?


Primary keys MUST be C-usage and MAY be SCA usage; by default they're
SC, but simply creating an S-usage subkey moves the S function to the
subkey (by default GPG will select the newest subkey with a given
capability to perform that function).  Since default key generation
does not include authentication (A) keys for SSH, the result is
usually an SC master with an E subkey of matching bit sizes.

Some people like to fiddle (i.e. use expert mode), so you may see keys
with only C set for the primary key and subkeys for everything else.
I like to fiddle too, but selected a middle-of-the-road option (SC for
primary, but an additional S subkey and an E subkey).
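
The usage flags discussed in this message can be read from field 12 of `gpg --list-keys --with-colons` output. The Python below is an added example, not part of the original message or of GnuPG: the listing is constructed, the function names are hypothetical, and it assumes creation times in field 6 are epoch seconds. `select_key` models the "newest subkey with a given capability" rule as the message states it.

```python
# Constructed `gpg --list-keys --with-colons` output; not a real key.
SAMPLE = """\
pub:u:4096:1:AAAAAAAAAAAAAAAA:1400000000:::u:::scESC:
uid:u::::1400000000::0000::Example User <user@example.org>:
sub:u:4096:1:BBBBBBBBBBBBBBBB:1400000000::::::e:
sub:u:4096:1:CCCCCCCCCCCCCCCC:1450000000::::::s:
sub:r:4096:1:DDDDDDDDDDDDDDDD:1460000000::::::s:
"""

UNUSABLE = set("idren")  # invalid, disabled, revoked, expired, not valid


def parse_keys(listing):
    """Return one dict per pub/sub record of a colon listing."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] not in ("pub", "sub") or len(f) < 12:
            continue
        keys.append({
            "type": f[0],
            "validity": f[1],
            "keyid": f[4],
            "created": int(f[5]),
            # Field 12: lowercase letters are this key's own capabilities;
            # uppercase on the pub line summarises the whole key.
            "caps": {c for c in f[11] if c.islower()},
        })
    return keys


def audit_primary(keys):
    """Check the primary key against the usage rules stated in the message."""
    primary = next(k for k in keys if k["type"] == "pub")
    findings = []
    if "c" not in primary["caps"]:
        findings.append("primary key lacks C (certify)")
    if "e" in primary["caps"]:
        findings.append("primary key carries E (encrypt)")
    return findings


def select_key(keys, cap):
    """Model of the selection rule in the message: newest usable subkey
    with the capability, falling back to the primary key."""
    usable = [k for k in keys if cap in k["caps"] and k["validity"] not in UNUSABLE]
    subs = [k for k in usable if k["type"] == "sub"]
    pool = subs or usable
    return max(pool, key=lambda k: k["created"])["keyid"] if pool else None
```

On the constructed listing the revoked S subkey is skipped, so signing falls to the 2015-dated S subkey while certification stays on the primary.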

