Subject: Re: wanted: educate us please on key dongles



On Fri, Aug 11, 2017 at 10:08:16AM -0700, Sean Whitton wrote:
> Thank you for the explanation.
>
> On Fri, Aug 11 2017, Jonathan McDowell wrote:
>
> > * If you don't want to buy hardware, use an offline master
> > key. Create
> > a certification only master key using something like PGP Clean Room
> > on a non-networked host [...]
>
> By default, GnuPG creates a signing+certification master key. Could you
> explain why it's a good idea to override that? I'm not sure what it
> achieves.

I see no reason why the master key should ever be used for signatures in
such a scenario, so it seems sensible to indicate that it is purely for
certification.

J.

--
/-\ | "Could I have an 'E', please,
|@/ Debian GNU/Linux Developer | Bob?" (Blockbusters)
\- |

Attachment: signature.asc
Description: Digital signature

...



Programming list archiving by: Enterprise Git Hosting