Re: Local-signing without (offline) private master key

2016-09-21 Thread Werner Koch
On Thu, 15 Sep 2016 09:17, an...@colomb.de said:
> Did I miss some option here, or are any such additions planned?
If you use the key and gpg detects a conflict, it shows you a lot of info. For a per key output you need to run gpg --with-tofu-info --with-colons --trust-mode=tofu+pgp -k USER

Re: Local-signing without (offline) private master key

2016-09-15 Thread André Colomb
Damien Goutte-Gattat wrote on 2016-09-12 14:16 (UTC+0200)
> If you're already using GnuPG >= 2.1.10 (with support for the TOFU model), I would argue this is your best option.
This sounds reasonable. I'm on Ubuntu 16.04, GnuPG 2.1.11, so the TOFU stuff seems to work fine. It seems hard to disco

Re: Local-signing without (offline) private master key

2016-09-12 Thread Nathan Musoke
> Now I want to import someone else's key to verify a signature. In order to verify that signature, I need to at least locally sign the owner's key, AFAIK. However, I would need my offline master key (read: really inconvenient) to issue a signature.
I'm no expert, but as far as I know you do

Re: Local-signing without (offline) private master key

2016-09-12 Thread Kristian Fiskerstrand
On 09/12/2016 01:08 PM, Nathan Musoke wrote:
>> Now I want to import someone else's key to verify a signature. In order to verify that signature, I need to at least locally sign the owner's key, AFAIK. However, I would need my offline master key (read: really inconvenient) to issue a signa

Re: Local-signing without (offline) private master key

2016-09-12 Thread Damien Goutte-Gattat
On 09/12/2016 11:04 AM, André Colomb wrote:
> Maybe the upcoming TOFU trust model would help my usage pattern?
I think so. Marking the binding between your correspondent's key and its email address with a "good" TOFU policy (something that does not require your private primary key) would be equ

Re: Local-signing without (offline) private master key

2016-09-12 Thread Antony Prince
On September 12, 2016 6:58:08 AM EDT, Kristian Fiskerstrand wrote:
> I'd suggest creating another primary key for explicit local certification purposes you never use anywhere else, and can rotate that as often as wanted to start fresh from time to time.
That's what I do. I have a separate key

Re: Local-signing without (offline) private master key

2016-09-12 Thread Kristian Fiskerstrand
On 09/12/2016 11:04 AM, André Colomb wrote:
> What is the recommended practice if I only want to verify message integrity, but don't have the master key with Certify ability available?
I'd suggest creating another primary key for explicit local certification purposes you never use anywhere else,

Local-signing without (offline) private master key

2016-09-12 Thread André Colomb
Hi all, this is my first post to GnuPG-users, please be gentle :-) My OpenPGP setup currently includes an offline master key (see attached public key) with three subkeys on a Yubikey USB "smartcard". Amongst them is a signing subkey with "usage: S" flag, but only the master key has the Certify ca