On Tue, Mar 22, 2016 at 10:56:27PM +0000, Andrew Gallagher wrote: > > IMHO the only thing to do with E-usage primary keys is revoke them > and start again from scratch. The only reason they are even still > allowed in GPG is for backwards compatibility, right...?
Right. Primary keys MUST be C-usage and MAY be SCA usage, by default they're SC, but simply creating an S-usage subkey moves the S function to the subkey (by default GPG will select the newest subkey with a given capability to perform that function). Since default key generation does not include authentication (A) keys for SSH, the result is usually an SC master with an E subkey of matching bit sizes. Some people like to fiddle (i.e. use expert mode), so you may see keys with only C set for the primary key and subkeys for everything else. I like to fiddle too, but selected a middle of the road option (SC for primary, but an additional S subkey and an E subkey). Regards, Ben
signature.asc
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users