Timeline for GPG masterkey and subkey for encryption and signature and default keys
Current License: CC BY-SA 4.0
9 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Feb 8, 2022 at 11:37 | comment | added | Boson Bear | Oh is it simply that one doesn't need to go through the "initial" pubkey distribution process again, or to re-gain trust, etc. because essentially your identity is associated with the primary key? I think I'm getting it after reading more of the PGP trust model, but please correct me if I'm wrong. | |
| Feb 8, 2022 at 11:30 | comment | added | Boson Bear | What I'm confused with is the following: when you revoke a compromised subkey and create a new subkey, the public part of the new subkey will nevertheless be updated on the keyserver, i.e. it needs to be re-distributed. Why is this viewed as simpler/ less hustle compared to generating a whole new PGP key set altogether? I sense there's probably something I'm missing... | |
| Jun 14, 2020 at 22:29 | comment | added | Jivan Pal | @JonathanCross @MorganCourbet You can use --edit-key to get to the gpg> prompt, and then use the hidden command change-usage to change the capabilities that a key or subkey has. See here. | |
| Oct 21, 2018 at 21:19 | comment | added | Morgan Courbet | @JonathanCross I think I've tried just after I posted the comment and if my memory is right, you can only apply capabilities at creation time. Just try to create a key; gpg asks for the capabilities at this moment. That means, no, it doesn't seem to have a way to change the capabilities of a key after it has been created. | |
| Oct 21, 2018 at 21:11 | comment | added | Jonathan Cross | @morgan-courbet By default, the master key has both S and C capabilities and a single E subkey is created. The S is needed so you can Sign documents and messages. However it is just not convenient for those who plan to have an offline master key (but that is not considered the norm). I don't know if it is possible to remove the S capability from the master key, but would like to know myself. | |
| Aug 20, 2018 at 13:12 | comment | added | Morgan Courbet | "By default, GnuPG creates your Master key as [SC], but it doesn't have to." I was just wondering if I could remove the [S] capability from my master key. Why GnuPG applies [S] capability if it not needed? | |
| May 29, 2018 at 14:11 | comment | added | mricon | Not to mention Yet Another Guide, but I go into many of these considerations in this document I wrote: github.com/lfit/itpol/blob/master/protecting-code-integrity.md | |
| May 29, 2018 at 13:06 | vote | accept | atapaka | ||
| May 29, 2018 at 11:47 | history | answered | mricon | CC BY-SA 4.0 |