[arch-general] [OT, maybe] "Secure Key Generation"

Gr., F. frgroccia at gmail.com
Sat Nov 12 04:28:41 EST 2011


Hi,
I think the following is interesting:

"However, this implies another problem: all the signatures made on
other keys would be invalid too after the expiration of our key,
unless we renew it periodically. Moreover, if we decided not to renew
our old key after its expiration but to generate a new one, we would
need to collect again on the new key all the signatures that other
persons made on the old one."
(source: <http://tjl73.altervista.org/secure_keygen/en/en.html>)

In short (for those who know GPG):
- create a public key -- RSA (sign only)
- backup your '.gnupg' dir and keep it in a secure place
- add a subkey for encryption
- export your subkey
- delete secret and public key
- import your subkey
- to modify our key we can type the command
  'gpg2 --no-permission-warning --homedir <your path> --keyring ~/.gnupg/pubring.gpg --secret-keyring <your path> --trustdb-name ~/.gnupg/trustdb.gpg --edit-key <keyid>'
- to sign other keys
  'gpg2 --no-permission-warning --homedir <your path> --keyring ~/.gnupg/pubring.gpg --secret-keyring <your path> --trustdb-name ~/.gnupg/trustdb.gpg --edit-key <key imported>'

That's all. :-)

-- 
Law is mind without reason.
	--Aristotle
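
One way to check the outcome of the steps listed above on the everyday keyring, as an added example that is not part of the original post. It assumes the intended end state is a keyring whose primary secret key is absent while the encryption subkey remains, and it relies on GnuPG's documented colon listing (GnuPG 2.1 or later), where field 15 of a `sec`/`ssb` record is `#` for a stub. The function name and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the output of `gpg --with-colons --list-secret-keys`.
# Reads colon records on stdin. Returns 0 only if every primary key ("sec")
# is a stub (field 15 is "#") and at least one subkey ("ssb") still has its
# secret part and the "e" (encrypt) capability in field 12.
check_offline_master() {
    awk -F: '
        BEGIN { bad = 0; seen = 0; enc = 0 }
        $1 == "sec" {
            seen = 1
            if ($15 == "#") {
                printf "OK   primary %s: secret part absent (stub)\n", $5
            } else {
                printf "FAIL primary %s: secret part present\n", $5
                bad = 1
            }
        }
        $1 == "ssb" && $15 != "#" && $12 ~ /e/ {
            enc = 1
            printf "OK   subkey  %s: usable for encryption\n", $5
        }
        END {
            if (!seen) { print "FAIL no secret key records found"; bad = 1 }
            if (!enc)  { print "FAIL no usable encryption subkey"; bad = 1 }
            exit bad
        }'
}

# Constructed sample: everyday keyring after the procedure (primary is a stub).
sample_daily_keyring() {
    cat <<'EOF'
sec:u:4096:1:AAAAAAAAAAAAAAAA:1321000000:::u:::scESC:::#:::23::0:
uid:u::::1321000000::::Example User <user@example.org>::::::::::0:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1321000000::::::e:::+:::23:
EOF
}

# Constructed sample: the backed-up keyring, which still holds the primary key.
sample_full_keyring() {
    cat <<'EOF'
sec:u:4096:1:AAAAAAAAAAAAAAAA:1321000000:::u:::scESC:::+:::23::0:
uid:u::::1321000000::::Example User <user@example.org>::::::::::0:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1321000000::::::e:::+:::23:
EOF
}

# Real use: gpg2 --with-colons --list-secret-keys | check_offline_master
```

A FAIL on the primary key means the everyday keyring still holds the secret part that the backup is supposed to keep exclusively.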



