Matt Vance vancematthew1983@yahoo.com [PGP-Basics]
2014-09-25 19:54:28 UTC
Hello kind list subscribers,
I recently built trying to learn more about gnupg. From what I have been learning, it's best to use a subkey to sign everything and keep your master secret key offline. I found a couple of good articles online which discuss how to go about doing this (links below). I was able to accomplish this by following the articles, but the process left me with a couple of questions.
1.) As I was following along with one of the articles, it had me export my newly generated subkey so I can re-import it after removing my masterkey. I ran gpg --list-secret-keys (and also gpg -K) to determine the keyID associated with my new subkey. However, the output of those commands did not provide any indication as to which key was the encryption subkey and which was the sign only subkey.
The keyID I needed was the last one in the list output of gpg --list-secret-keys (presumably because it was the last subkey generated). I was able to verify this truly was the new signing subkeyID rather than the encryption subkeyID by scrolling further up the shell to see the output of the addkey command. The results of that command showed the "usage" of each keyID. Had I done this at a later time or had multiple subkeys, how can you tell the key type (e.g. encryption, sign, etc.) of subkeys? Is there a command similar to gpg --list-secret-keys which also displays key usage?
2.) One of the steps in the Debian article said "Export the subkeys: gpg --export-secret-subkeys SUBKEYID1! .. SUBKEYIDn! > subkeys (NOTE: The exclamation marks ! are significant)". It said the exclamation after the keyID is important, but does not say why. Nothing I found online discusses ever using an ! after a keyID. The other article does not include this step and running the command without it seemed to work. What does adding an exclamation (!) after a keyID in GPG do?
I'm running the 1.4 branch of GPG.
The URLs for articles I referenced are:
https://alexcabal.com/creating-the-perfect-gpg-keypair/
https://wiki.debian.org/Subkeys?action=show&redirect=subkeys
Thanks in advance for your help.
Matt
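An added example, not part of the original post: gpg's machine-readable listing (`--with-colons`) carries each key's capability letters in field 12, and the sketch below reads that field to label every key and to print the signing subkey IDs with the trailing `!` used in the Debian export step (the `!` forces gpg to use exactly the key named instead of working out for itself which primary or subkey to use). The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `gpg --with-colons --list-secret-keys` output
# (placeholder key IDs and user ID; field 12 holds the capability letters).
SAMPLE='sec::4096:1:AAAAAAAAAAAAAAAA:2014-09-20::::Test User <test@example.invalid>::scESC:
ssb::4096:1:BBBBBBBBBBBBBBBB:2014-09-20::::::e:
ssb::4096:1:CCCCCCCCCCCCCCCC:2014-09-25::::::s:'

# key_usage (hypothetical helper): read a colon listing on stdin and print
# "type keyid usages". Lowercase letters describe that key itself; the
# uppercase letters on the primary key summarise the whole key and are
# ignored here.
key_usage() {
    awk -F: '
    function usage(caps,   out) {
        out = ""
        if (caps ~ /c/) out = out " certify"
        if (caps ~ /s/) out = out " sign"
        if (caps ~ /e/) out = out " encrypt"
        if (caps ~ /a/) out = out " authenticate"
        return (out == "") ? " unknown" : out
    }
    $1 == "sec" || $1 == "pub" || $1 == "ssb" || $1 == "sub" {
        u = usage($12)
        print $1 " " $5 u
    }'
}

# signing_subkey_args (hypothetical helper): print each signing-capable
# subkey ID with the trailing "!", in the form taken by
# gpg --export-secret-subkeys SUBKEYID!
signing_subkey_args() {
    awk -F: '($1 == "ssb" || $1 == "sub") && $12 ~ /s/ { print $5 "!" }'
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE" | key_usage
printf '%s\n' "$SAMPLE" | signing_subkey_args
```

With a real keyring, pipe `gpg --with-colons --list-secret-keys` into `key_usage` in place of the sample.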