In the interest of supposedly making my signature more difficult to
spoof, I added a signing subkey to my existing primary key:

$ gpg --list-key n...@n0nb.us
pub   dsa1024 2000-05-02 [SCA] [expires: 2024-07-06]
      82D64F6B0E67CD41F689BBA6FB2C5130D55A8819
uid           [ultimate] Nate Bargmann <n...@n0nb.us>
uid           [ultimate] Nate Bargmann <n...@yahoo.com>
uid           [ultimate] Nate Bargmann <n...@arrl.net>
sub   elg4096 2018-03-07 [E] [expires: 2021-07-07]
sub   rsa3072 2019-07-08 [S] [expires: 2021-07-07]


The original signing key is still available as shown by the [SCA] after
the creation date.  The new subkey is shown as sign only [S].  As the
primary key is only DSA 1024, I'd like to be sure that it is no longer
used.  Is the only way to assure the newer key is used (I read an
assertion that gpg will choose the newest key for whatever action) to
remove the primary key as noted at https://wiki.debian.org/Subkeys?

I have not figured out how to remove a capability from a key.

TIA

- Nate

-- 

"The optimist proclaims that we live in the best of all
possible worlds.  The pessimist fears this is true."

Web: https://www.n0nb.us
Projects: https://github.com/N0NB
GPG fingerprint: 82D6 4F6B 0E67 CD41 F689 BBA6 FB2C 5130 D55A 8819
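
An added example, not part of the original post: a shell function that reads `gpg --with-colons --list-keys` output and lists every key or subkey that carries the signing capability, newest first, so the candidates described in the post can be checked. The sample listing is constructed to mirror the key shown above; the subkey IDs are placeholders and the timestamps are constructed.

```shell
#!/bin/sh
# Added example (not from the original post).
# Usage against a real keyring:
#   gpg --with-colons --list-keys <fingerprint> | signing_keys

# Reads colon-format key listing on stdin. Prints one line per key or subkey
# that has the signing capability and is not revoked, expired or invalid:
#   <pub|sub> <keyid> <algo-id> <bits> <created-epoch> <short|->
# "short" marks RSA (algo 1) or DSA (algo 17) keys under 2048 bits.
signing_keys() {
    awk -F: '
        ($1 == "pub" || $1 == "sub") && $2 !~ /^[rei]/ && $12 ~ /s/ {
            note = (($4 == 1 || $4 == 17) && $3 < 2048) ? "short" : "-"
            print $1, $5, $4, $3, $6, note
        }' | sort -k5,5nr
}

# Constructed sample mirroring the listing in the post. Field 12 holds the
# capabilities: lowercase letters are the key's own, uppercase letters on the
# pub line summarise what the whole key can do.
# AAAAAAAAAAAAAAAA and BBBBBBBBBBBBBBBB are placeholder subkey IDs.
sample_listing() {
    cat <<'EOF'
pub:u:1024:17:FB2C5130D55A8819:957225600:1720224000::u:::scaSCA:
fpr:::::::::82D64F6B0E67CD41F689BBA6FB2C5130D55A8819:
sub:u:4096:16:AAAAAAAAAAAAAAAA:1520380800:1625616000:::::e:
sub:u:3072:1:BBBBBBBBBBBBBBBB:1562544000:1625616000:::::s:
EOF
}

# Print only the newest signing-capable entry.
newest_signing_key() {
    signing_keys | head -n 1
}
```

Run on the sample, `sample_listing | signing_keys` lists the rsa3072 subkey first and the dsa1024 primary second, flagged `short`. GnuPG also accepts a key ID with a trailing `!` (for example with `-u` or `default-key`) to force the use of exactly that key or subkey.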
