ben at adversary.org
Fri Mar 25 10:21:34 CET 2016
On Tue, Mar 22, 2016 at 10:56:27PM +0000, Andrew Gallagher wrote:
> IMHO the only thing to do with E-usage primary keys is revoke them
> and start again from scratch. The only reason they are even still
> allowed in GPG is for backwards compatibility, right...?
Primary keys MUST be C-usage and MAY be SCA usage, by default they're
SC, but simply creating an S-usage subkey moves the S function to the
subkey (by default GPG will select the newest subkey with a given
capability to perform that function). Since default key generation
does not include authentication (A) keys for SSH, the result is
usually an SC master with an E subkey of matching bit sizes.
Some people like to fiddle (i.e. use expert mode), so you may see keys
with only C set for the primary key and subkeys for everything else.
I like to fiddle too, but selected a middle of the road option (SC for
primary, but an additional S subkey and an E subkey).
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 630 bytes
Desc: not available
More information about the Gnupg-users