Todd Zullinger wrote:
>
>>> FWIW, the subkey on Robert's key is still expired. This makes
>>> encrypting to his key difficult. In gpg, this is managed
>>> separately from the primary key. And again, it's acceptable to
>>> extend the expiration date or generate a new encryption subkey.
>>> In this case, generating a new key has less downsides, because
>>> you don't lose any signatures you have acquired on your key
>>> (since those signatures are on the primary key, not the
>>> subkey).
>>>
>>> $ gpg --list-options show-unusable-subkeys --list-sigs C2C60518
>>> pub   1024D/C2C60518 2008-01-19 [expires: 2010-02-21]
>>> uid                  Robert L. Cochran (Greenbelt) <cochranb@xxxxxxxxxxxxx>
>>> sig          31014A12 2008-02-14  [User ID not found]
>>> sig 3        C2C60518 2009-02-21  Robert L. Cochran (Greenbelt) <cochranb@xxxxxxxxxxxxx>
>>> sig 3        C2C60518 2008-01-19  Robert L. Cochran (Greenbelt) <cochranb@xxxxxxxxxxxxx>
>>> sig     X    CA57AD7C 2008-02-03  PGP Global Directory Verification Key
>>> sub   2048g/48FE9C94 2008-01-19 [expired: 2009-01-18]
>>> sig          C2C60518 2008-01-19  Robert L. Cochran (Greenbelt) <cochranb@xxxxxxxxxxxxx>
>>>
>>
>> What is an acceptable way to fix this? Is there a way to remove
>> the PGP Global Directory signature or update it but still keep
>> the one from 31014A12 -- that's the signature of someone working
>> for NASA who met me and signed my key.
>
> I wouldn't worry about the PGP Global Directory signatures. They
> don't cause any harm. I do believe you can remove your key from
> the PGP Global Directory and they will then stop adding signatures
> to your key. However, this makes your key a bit less easily found
> by users of PGP's products on Windows and Mac, as those products
> use the Global Directory as their default keyserver.
>
> What you might wish to fix is your expired subkey. Otherwise,
> anyone trying to encrypt something to you will have problems. You
> can extend the expiration on the subkey similarly to extending it
> on the main key. If you use the command line gpg tool, you could
> use:
>
> gpg --edit-key C2C60518
>
> And then select your subkey using "key 1" at the prompt. Then use
> "expire" to set a new expiration.
>
> I don't use the GUI tools for gpg management, but it looks like
> seahorse in gnome can do this. It's the "Passwords and Encryption
> Keys" item on the Accessories menu. Opening it showed me my keys.
> Double clicking the key I wanted to change brought up the key
> properties. Then on the details tab there was a subkeys item. I
> expanded that, selected my encryption subkey, and clicked the
> Expire button.

Okay, I signed the subkey. I didn't "see" that or understand it was
having a detrimental effect until you pointed it out to me. I've sent
the updated key to subkeys.pgp.net and signed this email with it. If
there are other key servers I should send this to, let me know.

Thanks

Bob
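
The thread turns on an encryption subkey that expired while the primary key was still valid. The script below is an added example, not part of the original messages: it reads gpg's machine-readable `--with-colons` listing and reports encryption-capable subkeys that have expired. The function names, the key IDs and the timestamps in the sample listing are constructed for illustration, and the script assumes timestamps are printed as epoch seconds.

```shell
#!/bin/sh
# Added example (not from the thread): list expired encryption subkeys.
# Input on stdin: output of `gpg --with-colons --list-keys KEYID`.
# Assumption: timestamps are epoch seconds (GnuPG 2.x, or 1.4 with
# --fixed-list-mode). Any other date form falls back to the validity flag.
# Optional argument: the "now" timestamp to compare against.
expired_enc_subkeys() {
    now=${1:-$(date +%s)}
    awk -F: -v now="$now" '
        $1 == "pub" { primary = $5 }        # key ID of the owning primary key
        $1 == "sub" {
            if ($12 !~ /e/) next            # field 12: capabilities, e = encrypt
            expiry = $7                     # field 7: expiration, empty = never
            flagged = ($2 == "e")           # field 2: validity, e = expired
            if (expiry ~ /^[0-9]+$/ && expiry + 0 <= now + 0) flagged = 1
            if (flagged) print primary, $5, expiry
        }'
}

# Constructed listing: a valid primary key, one expired encryption subkey,
# one encryption subkey with no expiry, and one expired signing subkey.
sample_listing() {
    cat <<'EOF'
pub:-:1024:17:1111111111111111:1200700800:1266710400::-:::sc:
sub:e:2048:16:2222222222222222:1200700800:1232236800:::::e:
sub:-:2048:16:3333333333333333:1235174400::::::e:
sub:e:1024:17:4444444444444444:1200700800:1232236800:::::s:
EOF
}

# Prints: primary key ID, subkey ID, expiry timestamp
sample_listing | expired_enc_subkeys 1235174400
```

Each output line names a subkey that needs a new expiration date or a replacement before others can encrypt to the key again.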