some beginner questions

Will Senn wsenn1 at twu.edu
Sat Apr 1 16:10:55 CEST 2017


Hi,

I am a relative newbie at using gnupg. I've tried it over the years, but
never really committed to using it fully until now. Now, I plan to use
gnupg for email and additional information security on a daily basis. I
have read quite a few books and feel like I have a pretty good grasp of
the basics. I have several practical questions:

1. It seems that the keyservers never forget. In creating keypairs while
trying to figure this out every few years and then forgetting the
passwords or losing the private keys and revocation certificates (which
at the time, I didn't understand the ramifications of and was definitely
not careful enough), it seems like I've left a bit of litter out there.
Do I just move on and try not to do that in the future, or is there any
hope for cleaning up?

2. In everyday use, what is the norm for folks to publish their keys to
get other folks to use them? Do y'all put the fingerprint in your
emails, attach your signatures (I see some of you on this list do), put
the key on your social media, or what?

3. I've read
https://superuser.com/questions/466396/how-to-manage-gpg-keys-across-multiple-systems
and other such pieces proclaiming the value of having the master key in
a safe place and having subkeys on your actual devices. I've following
the guides and it seems that I am unable to actually sign anything with
the subkey, gpg complains with gpg: signing failed: No secret key. gpg
-K shows:

sec#  rsa4096 2017-03-11 [SC]
      EA940B8B4625EC287C3BF93FFE9E46E0FBAAB459
uid           [ultimate] Will Senn <wsenn1 at twu.edu>
ssb   rsa4096 2017-03-30 [E]
ssb   rsa2048 2017-03-30 [S] [expires: 2019-03-30]
ssb   rsa2048 2017-03-30 [E] [expires: 2019-03-30]

The second ssb is a signing key [S], so what's up with that, or in other
words, how do I tell gpg to use the signing subkey?

4. Is it safe to refer to my public key/fingerprint information as I did
in the previous question with output from gpg?

Thanks,

Will


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20170401/a644ca79/attachment-0001.sig>


More information about the Gnupg-users mailing list