The Call of the Open Sidewalk

From a place slightly to the side of the more popular path

pgpfan:gpgburn

Differences

This shows you the differences between two versions of the page.

pgpfan:gpgburn [2021/12/06 02:25] – Prevent loss of dash b.walzerpgpfan:gpgburn [2021/12/06 12:10] (current) – Typo. b.walzer
Line 31: Line 31:
 </code> </code>
  
-Then use the ''key'' command to select the encryption subkey (''ssb*'', ''usage: E'') which is this case is the first subkey:+Then use the ''key'' command to select the encryption subkey (''ssb*'', ''usage: E'') which in this case is the first subkey:
  
 <code text [highlight_lines_extra="6,7"]> <code text [highlight_lines_extra="6,7"]>
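Review bot: The corrected sentence still identifies the target only by position ("which in this case is the first subkey"), so a reader whose encryption subkey is not first could select the wrong one. Suggest stating that the index passed to ''key'' depends on the reader's own key, and that the ''ssb*'' marker together with ''usage: E'' should be confirmed on the selected line before continuing. A comma before "which" would also help the sentence read cleanly.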
Line 244: Line 244:
 Removing the encryption designation from your old encryption subkey might not be strictly necessary. GnuPG will automatically select the newest encryption subkey. This behaviour is not part of any standard so the removal of the encryption designation is intended as a form of insurance to cover the case where other OpenPGP implementations have different behaviour. Removing the encryption designation from your old encryption subkey might not be strictly necessary. GnuPG will automatically select the newest encryption subkey. This behaviour is not part of any standard so the removal of the encryption designation is intended as a form of insurance to cover the case where other OpenPGP implementations have different behaviour.
  
-There is no point in redistributing your new cleaned up key produced at the end of the demonstration. Importing that key will not result in a change to your current correspondents keyrings or your key already stored on a key server. That is because the OpenPGP practice is to merge subkeys on an import. That eliminates the complexity of a mechanism exclusively under the control of the key owner to delete subkeys.+There is no point in redistributing your new cleaned up key produced at the end of the demonstration. Importing that key will not result in a change to your current correspondents keyrings or your key already stored on a key server. Your old encryption key will remain. That is because the OpenPGP practice is to merge subkeys on an import. That eliminates the complexity of a mechanism exclusively under the control of the key owner to delete subkeys.
  
 Deleting the private key, even with an overwrite as shown here might not be reliable. See [[em:burn#the_trouble_with_media|The Trouble With Media]] for the details. For some sort of extreme security requirement a backup followed by media destruction followed by a restore might be in order. Deleting the private key, even with an overwrite as shown here might not be reliable. See [[em:burn#the_trouble_with_media|The Trouble With Media]] for the details. For some sort of extreme security requirement a backup followed by media destruction followed by a restore might be in order.
  
 This process is very manual. There are no GnuPG ''%%--preburn%%'' and ''%%--burn%%'' commands to automate this. This suggests that this is not something that is commonly done. Most people don't fear the exposure of their keys enough to make this worthwhile for this sort of system. This process is very manual. There are no GnuPG ''%%--preburn%%'' and ''%%--burn%%'' commands to automate this. This suggests that this is not something that is commonly done. Most people don't fear the exposure of their keys enough to make this worthwhile for this sort of system.
 +
 +[[pgpfan:index|PGP FAN index]]
 +
 +[[em:index|Encrypted Messaging index]]
 +
  
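Review bot: The added sentence "Your old encryption key will remain." says "key" where this paragraph and the one above it consistently say "subkey", and it does not say where the subkey remains. Suggest "Your old encryption subkey will remain on those keyrings and on the key server." so it cannot be read as referring to the primary key or to the local private key that the next paragraph discusses deleting. While touching this line, "correspondents keyrings" needs an apostrophe ("correspondents' keyrings"). The two index links added at the end look fine.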
pgpfan/gpgburn.1638757552.txt.gz · Last modified: 2021/12/06 02:25 by b.walzer