Web lists-archives.com

Re: kmail and encrypted mails




Hi Teemu,

thank you for the fast and good informations. I learned, that my
key is not capable to encrypt, but to sign mails.

This was a long time good enough for me, as no one wanted encrypted mails from 
me. 

I also learned, that I made a mistake in 2007, when I created the keys, that I 
created the wrong form (DSA and ElGamal). At that time, I did not know better.

So, today I created a new keypair (with RSA4096 and a loooooong Mantra), which 
I will use in the future, too. The old key will be used as a signing key for a 
while. 

The old key can only be changed either for enryption or for signing, but not 
both. So, the easiest solution was to create a new one.

In the last hours I learned a lot and read a lot and I believe, I now better 
understand how it works.

Here I can now only say: Thank you (and all the other guys) for your great 
help and your hints.

Best regards

Hans
> Let's look at your key:
> 
> 
>     $ gpg --list-options show-unusable-subkeys,no-show-uid-validity \
>             --list-keys Ullrich
> 
>     pub   dsa1024 2007-12-05 [SC]
>           984893FB397A9E4E4834898FE27C63AA5F093FF8
>     uid                      Hans-J. Ullrich [...]
>     uid                      Ullrich-IT-Consult [...]
>     sub   elg2048 2007-12-05 [E] [expired: 2008-12-04]
> 
> 
> It tells us that your master key (dsa1024) has [SC] capabilities, which
> means that it can create message signatures [S] and certificates [C].
> The key also has a subkey (elg2048) with encryption [E] capabilities but
> the subkey has expired in 2008-12-04 so it is not used anymore.
> 
> You can create a new encryption subkey if you want to add an encryption
> capability: --edit-key + addkey. You can also modify the expiration date
> of your existing subkey: --edit-key + key 1 + expire.