Re: valid from date?
Jørgen Lysdal wrote: 2006/6/28, Werner Koch [EMAIL PROTECTED]: I can see no reason for using a valid from key. Simply create it when you need it. I can imagine that it makes sense for a key with no subkeys. You can already collect signatures before you actually use the key. In the case of subkeys that seems to be not necessary. For me, creating a key is a one-time-thing, why not add some sub´s from the start, so i dont have to mess with it later? Well, producing cryptographic material years ahead does not really sound like very good idea. The used algorithms may have already proven to be insecure by the time the key get's valid. And advances in hardware technology and crpytographic attacks may enable an attacker to spend plenty of time on hacking your key in advance. These issues might render the key useless before the start from date is actually reached. So it's the usual trade off between convenience and security... Cheers, Olaf -- Dipl.Inform. Olaf Gellert PRESECURE (R) Senior Researcher, Consulting GmbH Phone: (+49) 0700 / PRESECURE [EMAIL PROTECTED] A daily view on Internet Attacks https://www.ecsirt.net/sensornet ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: valid from date?
On Mon, 26 Jun 2006 19:45, Jørgen Lysdal said: Ive used PGP for some time, and it allows me to set a valid from date on my subkeys.. Is this also possible on GPG, or can i only select the expiration date? It is not possible to set a valid from date. Actuall there is no valid from date but just the creatuion time of the key. When selecting a key, GnuPG ignores those created in the future. If you ant to hack support for it, check out make_timestamp(). I can see no reason for using a valid from key. Simply create it when you need it. If two encryption subkeys are valid in the same period of time, how does gpg select which one to use? The latest key which fits the requirements (preference, algorithms etc.) is used. Keys created in the future are ignored for this purpose. Shalom-Salam, Werner ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: valid from date?
2006/6/28, Werner Koch [EMAIL PROTECTED]: It is not possible to set a valid from date. Actuall there is no valid from date but just the creatuion time of the key. My key made with PGP shows this: sub 4096R/10BFF302 created: 2006-04-06 expires: 2008-04-06 usage: E sub 4096R/B3DF6DC0 created: 2008-04-06 expires: never usage: E So GPG will see the valid period on the second subkey as 2008-04-06 to never. and not use it before 2008-04-06 ? When selecting a key, GnuPG ignores those created in the future. uhm.. i dont think im getting this right... If you ant to hack support for it, check out make_timestamp(). Can this enable me to set created date´s like, in 2010 if i want? I can see no reason for using a valid from key. Simply create it when you need it. For me, creating a key is a one-time-thing, why not add some sub´s from the start, so i dont have to mess with it later? The latest key which fits the requirements (preference, algorithms etc.) Isent theese algo settings stored with each uid? or do i mix things together? Thanks for your help. - Jorgen Ch. Lysdal ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users