On Sep 1, 2009, at 10:51 AM, Seidl, Scott wrote:
We use gnupg in an automated mode within the organization to
encrypt/decrypt documents exchanged between companies. The Key Pair we have
is expiring soon and I am replacing it with a new key pair. This
new key would be provided to the other companies before the other
expires.
I have a couple questions about the existing public keys we have
imported to our key ring.
1 – it’s my belief that I have to sign/trust each of the keys with
the new secret key, is that correct?
2 – Is there any command to do a mass sign or must I do a gpg -u
XXXXXXX --edit-key YYYYYY for each key?
3 – What other items am I not thinking of?
Thanks
Scott Seidl
[email protected]

One thing you could try is implement a corporate certification-only
key, used for certifying others' keys. You would have a second keypair
used for signing, encryption, and conducting regular business.
Your encryption keypair could expire as normal, but your certifying
key would not. Then you would set up your trust system to only trust
those keys signed by your corporate certification key.
Since your certification key doesn't expire (or at least not as
frequently), you would save yourself the trouble of having to
re-certify all your partners' keys.
-Joe
_______________________________________________
Gnupg-users mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
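
As an added example (not part of the thread, and not GnuPG's own tooling), here is the certification-only key Joe describes together with a batch loop for the mass-sign question. It assumes GnuPG 2.1 or later for `--quick-generate-key` and `--quick-lsign-key`; the user ID, the function names and the sample key listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GnuPG 2.1+.
# CERT_UID is a placeholder; function names are this example's own.
CERT_UID='Example Corp Certification <pgp-cert@example.invalid>'

# One-time setup: certification-only primary key that never expires.
make_cert_key() { gpg --quick-generate-key "$CERT_UID" rsa4096 cert never; }

# stdin:  output of `gpg --with-colons --fingerprint`
# stdout: primary-key fingerprints, skipping expired/revoked/invalid keys
usable_primary_fprs() {
    awk -F: '
        $1 == "pub" { want = ($2 !~ /^[eri]$/); next }
        $1 == "fpr" { if (want) print $10; want = 0 }'
}

# $1: file with one 40-hex fingerprint per line (no spaces), each one
#     confirmed with the partner out of band. Keeps only approved keys.
approved_fprs() { usable_primary_fprs | grep -Fxi -f "$1"; }

# Locally certify every approved key. $1: cert key fingerprint, $2: approved file.
certify_approved() {
    cert_fpr=$1 approved=$2
    gpg --batch --with-colons --fingerprint | approved_fprs "$approved" |
    while read -r fpr; do
        [ "$fpr" = "$cert_fpr" ] && continue   # never sign the cert key itself
        gpg --batch --yes -u "$cert_fpr" --quick-lsign-key "$fpr" || echo "failed: $fpr" >&2
    done
}

# Constructed sample listing (shortened records, not real keys).
sample_listing() {
cat <<'EOF'
pub:-:4096:1:AAAAAAAAAAAAAAAA:1600000000:::-:::scESC:
fpr:::::::::1111111111111111111111111111111111111111:
uid:-::::1600000000::::Partner A <a@example.invalid>:
sub:-:4096:1:BBBBBBBBBBBBBBBB:1600000000::::::e:
fpr:::::::::2222222222222222222222222222222222222222:
pub:e:2048:1:CCCCCCCCCCCCCCCC:1200000000:1300000000::-:::sc:
fpr:::::::::3333333333333333333333333333333333333333:
pub:-:4096:1:DDDDDDDDDDDDDDDD:1650000000:::-:::scESC:
fpr:::::::::4444444444444444444444444444444444444444:
EOF
}
```

Run `certify_approved <cert-key-fingerprint> approved.txt` after importing partner keys; only fingerprints present in both the keyring and the approved file are signed, so an unverified or expired key in the keyring is left uncertified.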