Garth, As near as I can tell, almost all your questions are answered in the GnuPG FAQ. Check out http://www.gnupg.org/(en)/documentation/faqs.html
Here are some specific sections you should look at: > So, during the process, I noticed that "Using Insecure Memory" came up many > times because I didn't generate the keys as root. I think that's why > anyway, maybe that's not what it meant. > Section 6.1 - It's not that you should run the program interactively as root, you just need to set it setuid(root). > So, now I need to make new keys and I"m going to make certains keys for > certain lists of people like CLUG and family etc. Should I generate these > keys as ROOT or does it really matter. I mean it's not like anybody is > into my systems anyway so does it really matter? Or not? > This goes back to the same as above, about root vs. non-root. I would suggest you not do this as root, because a) you don't need to - the solution is to setuid the gpg program, and b) you should never really do anything other than system maintenance as root. :-) > I'd like to get it right this time because this is not so easy the first > time round. I'm a little more comfortable with it, and hopefully I don't > forget what I've learned tonight. And should keys have secret subkeys and > subkeys for subkeys etc. > Ok, don't have an answer for that one, but I haven't read the whole FAQ - it might be in there. Are you talking about ADKs and such? I would also suggested the GnuPG Handbook, found at http://www.gnupg.org/gph/en/manual.html. On the general subject of multiple keypairs, personally, I just have a single keypair that I use for all communications, which contains all my email addresses. But this is a matter of choice. Other people have one keypair for each email address. Some people make one keypair for signing software and a different one for communication. It's up to you to choose what works best for you. > Also, is it better to make 8 bit over 7 bit or does that matter either way > too? I know how to make keys now, a few different ways, so I guess my > question is "Which is the best or most secure key to make?" Obviously 64 > over 32 and 128 over 64 bit etc, but I'm not sure about the 7 or 8 bit > signatures and there's another thing. Signatures. Hmmm. Any help at all > will help me think a little more too. Thanks. Section 4.11 Ian
