I would like to keep the private portion of my primary key stored
offline and use an expiring secondary key for day to day signing. To
accomplish this I have tried backing up the key after creating the
secondary signing key, then attempting to delete the private portion of
the primary key from
On Mar 1, 2010, at 12:20 PM, Phillip Susi wrote:
> I would like to keep the private portion of my primary key stored offline and
> use an expiring secondary key for day to day signing. To accomplish this I
> have tried backing up the key after creating the secondary signing key, then
> attempt
David Shaw wrote:
>
> Didn't someone write a nice HOWTO about offline private keys at one point? I
> thought there was one out there, but can't find it at the moment. Can anyone
> post the URL for Philip?
>
Adrian von Bidder's page is the only one that memory serves up:
http://fortytwo.ch/gpg/su
>
> Can anyone post the URL for Philip?
>
> David
>
http://fortytwo.ch/gpg/subkeys
signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
On 3/1/2010 1:57 PM, David Shaw wrote:
What you need to do is an --export-secret-subkeys (there is no such command as
--delete-primary-keys). So, starting from a state where your whole key
(primary and all secondaries) are all imported to your GPG instance, do:
Yes, I meant --delete-secret-k
On Mar 1, 2010, at 2:59 PM, John Clizbe wrote:
> David Shaw wrote:
>>
>> Didn't someone write a nice HOWTO about offline private keys at one point? I
>> thought there was one out there, but can't find it at the moment. Can anyone
>> post the URL for Philip?
>>
>
> Adrian von Bidder's page is th
On Mar 1, 2010, at 3:31 PM, Phillip Susi wrote:
> On 3/1/2010 1:57 PM, David Shaw wrote:
>> What you need to do is an --export-secret-subkeys (there is no such command
>> as --delete-primary-keys). So, starting from a state where your whole key
>> (primary and all secondaries) are all imported
On Mar 1, 2010, at 4:11 PM, Phillip Susi wrote:
> On 3/1/2010 3:37 PM, David Shaw wrote:
>>> This does the trick, but I still do not understand why
>>> --delete-secret-key removes BOTH the primary and subkey secrets
>>> when I specifically gave only the ID of the subkey? Shouldn't it
>>> remove e
On 3/1/2010 3:37 PM, David Shaw wrote:
This does the trick, but I still do not understand why
--delete-secret-key removes BOTH the primary and subkey secrets
when I specifically gave only the ID of the subkey? Shouldn't it
remove exactly what I say and no more?
It has to do with how keys are s
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
David Shaw escribió:
...
> Didn't someone write a nice HOWTO about offline private keys at one point? I
> thought there was one out there, but can't find it at the moment. Can anyone
> post the URL for Philip?
http://tjl73.altervista.org/secur
On Mon, 1 Mar 2010 22:13, ds...@jabberwocky.com said:
> someone elses key. The current design effectively forces people to
> manually move the valuable primary key out of the way before
> clobbering it with the subkey-only copy of the key.
Another important point is that if you want to use an o
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Werner Koch escribió:
...
> Another important point is that if you want to use an offline key you
> should create that key offline and export the subkeys to the online box.
> Doing this on the same box is a bit questionable. To me an offline key
> i
On Tuesday 02 March 2010, Faramir wrote:
> Werner Koch escribió:
> ...
>
> > Another important point is that if you want to use an offline key
> > you should create that key offline and export the subkeys to the
> > online box. Doing this on the same box is a bit questionable. To
> > me an offlin
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello,
Another question araised while testing my new OpenPGP smartcard:
I have an offline keysigning key and would like to add a signing and an
encryption key to it for online use, with the secret parts of the last
two on the smartcard. So I performe
Hello GnuPG-Users!
With a new year comes a new keypair and this time I tried to use subkeys
to separate my secret primary key from the "day-to-day"
encryption/signing keys.
Using options "--no-default-keyrings --secret-keyring secring2.gpg
--public-keyring pubring2.gpg" I generated the primary ke
On Fri, Apr 01, 2005 at 01:57:51PM +0200, Peter L. Smilde wrote:
> This is OK for the offline secret keyring. But my online secret keyring
> shouldn't contain the secret primary keysigning key (as before).
Isn't this exactly the approach described in the thread "Clarification
on purpose of subordi
Jan Niehusmann schrieb:
> Isn't this exactly the approach described in the thread "Clarification
> on purpose of subordinate keys" two days ago? There was a very nice
> step-by-step description posted by Dirk Traulsen.
You're right. I already knew the "purpose", but the thread clarified
this speci
Am Freitag 01 April 2005 13:57 schrieb Peter L. Smilde:
> "OpenPGP smartcard HOWTO", section "Advanced features", subsection
> "Using the card only for subkeys".
I think I have missed that mail. Could someone mail it to me, please?
Or is it a web site? Google doesn't know about it.
Thomas
On Fri, Apr 01, 2005 at 03:23:06PM +0200, Thomas Hühn wrote:
> I think I have missed that mail. Could someone mail it to me, please?
>
> Or is it a web site? Google doesn't know about it.
http://www.kernelconcepts.de/products/Smartcard-HOWTO.txt
___
Gn
Sven Radde wrote:
> I thought that I would simply 'include' the primary key by adding
> "--secret-keyring secring2.gpg" whenever I need it for these kinds of
> operations, but GnuPG complains about missing parts of the secret key
> regardless of whether this option is present of not.
AFAIK, GnuPG
Hi list,
I wish a great 2010 year for everybody!
On Sat, Jan 2, 2010 at 11:09 AM, Sven Radde wrote:
> Hello GnuPG-Users!
>
> With a new year comes a new keypair and this time I tried to use subkeys
> to separate my secret primary key from the "day-to-day"
> encryption/signing keys.
Concerning
Hi!
Peter Lebbing schrieb:
> By exchanging the order of the keyrings, hopefully this will mean it looks for
> the key in secring2.gpg first, where the primary key is included too.
Works fine for certifying other people's keys, thank you!
However, since all updates to the my key would be done to
22 matches
Mail list logo