Re: Expire a single UID
Hi,

- In Reply to Original Message -
<069b4d89-5951-0196-9fc7-5320624cb...@incenp.org>
From: Damien Goutte-Gattat via Gnupg-users
To: gnupg-users
Sent: Mon, 11 Jun 2018 13:04:20 +0100
Subject: Expire a single UID

> On 06/11/2018 09:30 AM, Max-Julian Pogner wrote:
>> *) should i revoke the uid on the old key? => However, as far as i
>> know, the secret key is not / was never compromised.
> Revoking a UID is not the same as revoking a key, and does not imply
> that the associated secret key has been compromised

Then I'll revoke the UID.

>> Thanks for any hints!
> Here's another possibility: Have you considered using an OpenPGP card?
> This would allow you to keep your private keys under your control, even
> when you use them on your employer-provided system.

That would actually be a very good solution. However, due to my lack of experience and the lack of general acceptance, I have to postpone this until some other day.

Thanks for the help!

lg,
Max

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Expire a single UID
Hi,

On 06/11/2018 09:30 AM, Max-Julian Pogner wrote:
> *) should i revoke the uid on the old key? => However, as far as i
> know, the secret key is not / was never compromised.

This is probably the best option in my opinion, since you will no longer use that key with this email address.

Revoking a UID is not the same as revoking a key, and does not imply that the associated secret key has been compromised (if a key has been compromised you should revoke the key itself, not the UID). Most often it simply means "I no longer use that UID".

Note that when revoking the UID you will have the option of specifying a reason for the revocation.

> *) Also, other persons have signed the UID
> max-julian.pog...@openresearch.com at key 0x2D40BDB44401A8AA without
> expiration date. What should they do?

With regard to your old key, they don't have anything to do. Your revocation of the UID takes precedence over their signatures.

With regard to your new key, you might want to ask them if they could sign it. One way to do that is to send them an email signed by both the old key and the new key, so that they know you control both keys.

> Thanks for any hints!

Here's another possibility: Have you considered using an OpenPGP card? This would allow you to keep your private keys under your control, even when you use them on your employer-provided system.

Hope that helps,

Damien
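Added example, not part of the thread: a Python check over `gpg --list-keys --with-colons` output that reports which keys still carry a usable UID for an address, one way to confirm that a UID revocation has removed the "two keys for one address" ambiguity. The listing, fingerprints and addresses are constructed (trailing fields trimmed), and `uid_status` and `unescape` are hypothetical helper names.

```python
import re

OLD, NEW = "A" * 40, "B" * 40  # constructed fingerprints, not real keys

# Constructed `gpg --list-keys --with-colons` output: both keys carry the work
# address, and the UID on the old key has been revoked (validity field "r").
SAMPLE = f"""\
pub:u:4096:1:{OLD[-16:]}:1400000000:::u:::scESC:
fpr:::::::::{OLD}:
uid:u::::1400000000::{'1' * 40}::Max Example <max@home.example>:
uid:r::::1400000000::{'2' * 40}::Max Example <max@work.example>:
sub:u:4096:1:{'C' * 16}:1400000000::::::e:
fpr:::::::::{'C' * 40}:
pub:f:4096:1:{NEW[-16:]}:1528700000:::-:::scESC:
fpr:::::::::{NEW}:
uid:f::::1528700000::{'3' * 40}::Max Example <max@work.example>:
"""

# Validity letters (field 2) that make a key or UID unusable:
# r = revoked, e = expired, d = disabled, i = invalid.
UNUSABLE = set("redi")

def unescape(field):
    """Undo the \\xNN escaping gpg applies to user IDs in colon listings."""
    return re.sub(r"\\x([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), field)

def uid_status(listing, address):
    """Return (usable, unusable) primary-key fingerprints whose UID names address."""
    usable, unusable = [], []
    key_ok, fpr = False, None
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":                      # a new key block starts
            key_ok, fpr = f[1] not in UNUSABLE, None
        elif f[0] == "fpr" and fpr is None:    # first fpr belongs to the primary key
            fpr = f[9]
        elif f[0] == "uid":
            m = re.search(r"<([^<>]+)>\s*$", unescape(f[9]))
            if m and m.group(1).lower() == address.lower():
                ok = key_ok and f[1] not in UNUSABLE
                (usable if ok else unusable).append(fpr)
    return usable, unusable

if __name__ == "__main__":
    print(uid_status(SAMPLE, "max@work.example"))
```

More than one fingerprint in the first list means correspondents still see two candidate keys for the address; exactly one means the revocation has taken effect in that keyring.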
Expire a single UID
Hello there!

I have quite a problem with properly bisecting a UID from my key. Maybe someone can help me?

Here's the situation:

This is currently my GnuPG key, and will remain my primary key:
https://pgp.mit.edu/pks/lookup?op=get&search=0x2D40BDB44401A8AA
https://pogner.at/gnupg/0x2D40BDB44401A8AA.gpg

However, my contract with OpenResearch changes from freelancer to hired-employee. As a consequence, I will stop using my own infrastructure and use their PC instead. Therefore, I will also read and write emails from the new work PC. But I do not want to copy my secret key 0x2D40BDB44401A8AA to the new work PC (which is very much their property and not under my full administrative control but under their company IT's administrative control).

Therefore, my current plan is to simply generate a completely new secret key with UID max-julian.pog...@openresearch.com. This also will not be a problem with the customers where GnuPG is actually in use (fewer than 5 persons, to be honest).

Now there is a problem: then there will be two keys published for max-julian.pog...@openresearch.com! This surely will cause confusion.

*) Should I revoke the UID on the old key? => However, as far as I know, the secret key is not / was never compromised.

*) The UIDs were certified by me and by other persons without expiration dates. => I can change the expiration date of the primary key and subkeys using "gpg2 --edit-key" and "expire", but the UID remains valid forever.

*) Also, other persons have signed the UID max-julian.pog...@openresearch.com at key 0x2D40BDB44401A8AA without expiration date. What should they do?

Thanks for any hints!

Max