> I'm confused. You seemed to be making quite a point of it. (-:
I'm confused too, that makes two ;) I didn't think about specific expiration
times of subkeys. I tried to figure out why everybody has no revoked subkeys at
all...
> There are others on this list better placed to answer this. As f
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Saturday 13 December 2014 at 2:22:17 PM, in
, Kristian Fiskerstrand
wrote:
> But you could always generate a new self-signature
> giving it signing capability.
As you said in an earlier posting, that requires the use of a hacked
GnuPG version
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 12/13/2014 02:41 PM, Peter Lebbing wrote:
> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1
>
> On 08/12/14 16:37, Kristian Fiskerstrand wrote:
>> This key will always be capable of signing by definition
>
> In what sense is that? It seems GnuPG i
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 08/12/14 16:37, Kristian Fiskerstrand wrote:
> This key will always be capable of signing by definition
In what sense is that? It seems GnuPG is not letting me sign data with a
certify-only key:
$ gpg2 --edit-key de500b3e
[...]
pub 2048R/DE500B3E
On 13/12/14 12:12, Tomo Ruby wrote:
> But what does "meaningful way" mean?
That there may be theoretic methods to use signatures to learn information
about the private key, but that they are all so impractical that they can be
ignored.
HTH,
Peter.
--
I use the GNU Privacy Guard (GnuPG) in comb
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/12/14 15:15, Tomo Ruby wrote:
> I really know only of this approach: The more encrypted/signed data I
> spread over the web, the easier it might be for an attacker to calculate
> the secret key.
If this was advice directly relating to OpenPGP: D
> Recommended by whom and against what threat model? And, really, the
> same lifespan for signing keys as for encryption keys?
To be honest I didn't think and search about that too much, but that was not
the point anyways...
> My take on the advice I have most often seen in previous
> discussion
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Thursday 11 December 2014 at 2:15:26 PM, in
, Tomo Ruby wrote:
> To be honest I didn't think and search about that too
> much, but that was not the point anyways...
I'm confused. You seemed to be making quite a point of it. (-:
> How do y
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 12/08/2014 10:48 AM, Tomo Ruby wrote:
| I know I could just set a new expiration date but most times it's
| recommended to use a key for two years at the longest.
Why do you think that's true? What threat do you think that using a
key for at mos
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Monday 8 December 2014 at 3:28:49 PM, in
, gnupgpacker
wrote:
> Some corporate partners are still using older versions
> of Symantec's PGP with WinXP, mostly for intranet.
> Problems with signing keys are known, sometimes it
> works, sometimes
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Monday 8 December 2014 at 4:50:57 PM, in
, Kristian Fiskerstrand
wrote:
> It involve using a hacked version of gpg and generating
> a new self-signature, which, as I said is not
> worthwhile (as it doesn't do anything practically). But
> you
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Monday 8 December 2014 at 6:48:23 PM, in
, Tomo Ruby wrote:
> as I wrote in the mail from Sun Dec 7 22:38:03 CET
> 2014: I know I could just set a new expiration date but
> most times it's recommended to use a key for two years
> at the longes
Am 08.12.2014 um 00:40 schrieb MFPA:
>
>
> On Sunday 7 December 2014 at 3:04:09 PM, in
> , Tomo Ruby wrote:
>
>
>> If I create a main key to certify
>> and subkeys for everything else, won't there be dozens
>> of subkeys on my main key after years of creating and
>> revoking subkeys?
>
> When
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 12/08/2014 05:18 PM, MFPA wrote:
>
>
> On Monday 8 December 2014 at 3:37:20 PM, in
> , Kristian Fiskerstrand
> wrote:
>
>
>> Changing this would require a new self-signature limiting the use
>> flags, but this is not worthwhile to do.
>
> I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Monday 8 December 2014 at 3:37:20 PM, in
, Kristian Fiskerstrand
wrote:
> Changing this would require a new
> self-signature limiting the use flags, but this is not
> worthwhile to do.
Is there a method to do this within GnuPG? I have not hea
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
I recently created a key, with a RSA 4096-bit main key (certify only)
and 4 subkeys: one DSA for signing, and one ELGamal for encryption, for
communicating with people who I don't know are using ECC, and one each
of ED25519 and nistp384 for people wh
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 12/08/2014 04:28 PM, gnupgpacker wrote:
> Hello,
>
>> -Original Message- From: Kristian Fiskerstrand Sent:
>> Monday, December 08, 2014 12:44 PM
>>
>>> Main key has options SC. There is an active newer signing key
>>> S, so this will be
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 12/08/2014 12:31 AM, MFPA wrote:
> Hi
>
>
> On Sunday 7 December 2014 at 10:01:55 PM, in
> , Duplicity Mailing List wrote:
>
>
>> Stupid question inbound:- If you make a bunch of subkeys, say,
>> one for your phone, one for your desktop and o
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 12/08/2014 10:12 AM, gnupgpacker wrote:
> Kristian, I am a little bit confused about your key design ;)
Fair enough,
>
> Main key has options SC. There is an active newer signing key S, so
> this will be always used for signing?
Correct
>
>
On Mon, Dec 8, 2014 at 10:12 AM, gnupgpacker wrote:
> Kristian,
> I am a little bit confused about your key design ;)
>
> Main key has options SC.
> There is an active newer signing key S, so this will be always used for
> signing?
My understanding is that if you have multiple signing subkeys on
On 12/07/2014 10:16 PM, Kristian Fiskerstrand wrote:
> On 12/07/2014 10:11 PM, Doug Barton wrote:
>
>> Why do you believe that you will be creating and revoking so many
>> subkeys?
>
> ...expiration of encryption subkeys
> and key rotation.
Hey, thanks for the answers so far! The most important
Kristian,
I am a little bit confused about your key design ;)
Main key has options SC.
There is an active newer signing key S, so this will be always used for
signing?
And there are two active encryption keys E:
GPG uses in my opinion only the key generated latest, isn't it?
So how to desire whi
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Sunday 7 December 2014 at 3:04:09 PM, in
, Tomo Ruby wrote:
> If I create a main key to certify
> and subkeys for everything else, won't there be dozens
> of subkeys on my main key after years of creating and
> revoking subkeys?
When the subk
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Sunday 7 December 2014 at 10:01:55 PM, in
, Duplicity Mailing List wrote:
> Stupid question inbound:- If you make a bunch of
> subkeys, say, one for your phone, one for your desktop
> and one for your laptop, how does that work? I would
> a
On 07/12/14 21:16, Kristian Fiskerstrand wrote:
> On 12/07/2014 10:11 PM, Doug Barton wrote:
>> On 12/7/14 7:04 AM, Tomo Ruby wrote: | I wanted to create new keys
>> and came across the following | "problem": If I create a main key
>> to certify and subkeys for | everything else, won't there be doz
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 12/07/2014 10:11 PM, Doug Barton wrote:
> On 12/7/14 7:04 AM, Tomo Ruby wrote: | I wanted to create new keys
> and came across the following | "problem": If I create a main key
> to certify and subkeys for | everything else, won't there be dozens
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 12/7/14 7:04 AM, Tomo Ruby wrote:
| I wanted to create new keys and came across the following
| "problem": If I create a main key to certify and subkeys for
| everything else, won't there be dozens of subkeys on my main key
| after years of creat
Hey,
after searching for a long time I finally decided to ask here:
I wanted to create new keys and came across the following "problem": If I
create a main key to certify and subkeys for everything else, won't there be
dozens of subkeys on my main key after years of creating and revoking subkey
28 matches
Mail list logo
