Thank you very much for your reply. Please see my comments below in the replied text:

On 1/21/2015 4:36 AM, Daniel Kahn Gillmor wrote:
> On Mon 2015-01-12 10:13:48 -0500, s7r wrote:
>> Is it possible to have one masterkey with two subkeys (sbind),
>> one for encrypt only and one for sign only, and each of them to
>> have different passphrases?
>
> Yes, it is possible. with gpg 2.1, you can create new subkeys and
> give each of them a different passphrase. I haven't tested with
> 1.4 or 2.0.
>

Understood. I guess this has to be done via console commands, since the poor Enigmail Thunderbird addon has very limited options when creating/editing a GPG key.

I have 2 masterkeys, each with a subkey. Any way I can merge them together so I would have one primary key and 3 subkeys?

>> Additionally, how can I select in enigmail which userID I want to
>> sign when signing a key with multiple UserIDs? I do not want to
>> sign the primary one. Enigmail just offers me the ability to
>> 'sign key', nothing said about UserID, just lets me select either
>> normal signature or local signature not exportable.
>
> The thing that you're signing with is a key. it's either your
> primary key, or a signing-capable subkey. Your User IDs are all
> associated with your primary directly (and with your subkeys
> indirectly, through the primary key).
>

I guess my question was not clear - sorry about it. I can see multiple flags for the keys: Sign, Encrypt, Certify. I guess the Certify flag matters when signing another GPG key and Sign is used for signing text?

I have the public key of John Doe <[email protected]>. He has more UserIDs associated with the same masterkey, as follows:

John Doe <[email protected]>
John Smith <[email protected]>
Bob Jones <[email protected]>

Primary UserID is John Doe <[email protected]>

I want to sign this key, but just to confirm the UserID John Smith <[email protected]> and not sign/certify his other UserIDs belonging to the same key. Is this possible?

> The OpenPGP standard defines a way to embed the preferred user ID
> in a given signature using a "signer's user ID" subpacket [0], but
> it has several drawbacks:
>
> * i'm not sure how to do it in GnuPG, which enigmail relies on for
>   the OpenPGP parts, and
>
> * it's not clear what a receiving MUA should do with that
>   information, even if it was present.
>
> So i don't think this is a feature request that makes a lot of
> sense, really. Can you explain more what you'd hope to gain from
> such a configuration?
>
> --dkg
>
> [0] https://tools.ietf.org/html/rfc4880#section-5.2.3.22
>
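
As an added illustration that is not part of the original thread and is not GnuPG or Enigmail code: a small Python parser for an RFC 4880 signature subpacket area that reports the Key Flags subpacket (the Certify/Sign/Encrypt flags discussed above) and the "signer's user ID" subpacket the quoted reply refers to. The sample bytes and the example.org address are constructed for the example.

```python
import struct

# Key Flags bits in the first octet (RFC 4880 section 5.2.3.21).
KEY_FLAGS = {0x01: "certify", 0x02: "sign", 0x04: "encrypt-communications",
             0x08: "encrypt-storage", 0x20: "authenticate"}
SUB_KEY_FLAGS, SUB_SIGNERS_USER_ID = 27, 28   # subpacket type numbers


def iter_subpackets(area):
    """Yield (type, critical, body) for each subpacket in a subpacket area."""
    pos = 0
    while pos < len(area):
        first = area[pos]
        if first < 192:                          # one-octet length
            length, pos = first, pos + 1
        elif first < 255:                        # two-octet length
            if pos + 2 > len(area):
                raise ValueError("truncated two-octet length")
            length = ((first - 192) << 8) + area[pos + 1] + 192
            pos += 2
        else:                                    # five-octet length
            if pos + 5 > len(area):
                raise ValueError("truncated five-octet length")
            length = struct.unpack(">I", area[pos + 1:pos + 5])[0]
            pos += 5
        # The length counts the type octet, so it can never be zero.
        if length == 0 or pos + length > len(area):
            raise ValueError("subpacket length runs past the area")
        tag = area[pos]
        yield tag & 0x7F, bool(tag & 0x80), area[pos + 1:pos + length]
        pos += length


def describe(area):
    """Return the key flags and signer's user ID found in a subpacket area."""
    out = {"key_flags": [], "signers_user_id": None}
    for sub_type, _critical, body in iter_subpackets(area):
        if sub_type == SUB_KEY_FLAGS and body:
            out["key_flags"] = [n for bit, n in KEY_FLAGS.items() if body[0] & bit]
        elif sub_type == SUB_SIGNERS_USER_ID:
            out["signers_user_id"] = body.decode("utf-8", "replace")
    return out


# Constructed sample: key flags 0x03 (certify + sign), then a signer's user ID.
SAMPLE_UID = b"John Smith <smith@example.org>"
SAMPLE_AREA = bytes([2, 27, 0x03]) + bytes([1 + len(SAMPLE_UID), 28]) + SAMPLE_UID

if __name__ == "__main__":
    print(describe(SAMPLE_AREA))
```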
