[linux-elitists] OT: new GPG key

David Shaw dshaw@jabberwocky.com
Wed Jun 11 15:42:41 PDT 2003


On Wed, Jun 11, 2003 at 09:52:59PM +0100, Karsten M. Self wrote:
> I've decided it's time to start signing mail again...
> 
> Note that this is a general purpose, eternal key (my old key expired
> April of this year).  I extended it by one day from today to sign my
> current key (inconsistent handling of expiry date modifications of keys
> makes this impractical in a general sense).  Unfortunately, this means 
> my existing trust ring has also expired.  Note that this key is not 
> being used in the most secure of environments (portable and remote 
> systems, included), but it should be suitable for pedestrian threats.  
> I also wanted to forego a bunch of queries about why I was showing up 
> with a new key (though you're right to be suspicious).

Use a signing subkey.  It's the ideal way to handle the usual problem
of using portable and remote systems without having to make multiple
keys to do it.  It also means you don't need to get re-signed all the
time.

There are a few minor gotchas (all versions of GnuPG can handle it,
but only PGP 8 can verify the messages in PGP), but it works quite
well.

David
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 261 bytes
Desc: not available
Url : http://allium.zgp.org/pipermail/linux-elitists/attachments/20030611/a9582327/attachment.pgp 


More information about the linux-elitists mailing list