
Re: Migrating to GPG - A mini-HOWTO



On Mon, 13 Sep 1999, Martin Schulze wrote:

> Scope
> 
>    This Mini-HOWTO is intended to help debian people converting from
>    using PGP to GnuPG for their work within the Debian Project.

Maybe it should be widened to include recommendations about how to create
OpenPGP keys if you already have a PGP 2 key in Debian..

>    # These extensions have patents or other issues, these are only
>    # required if you want to use pgp signatures and keys as well.  If
>    # you're only using the free and patent-less GnuPG you don't need
>    # them.
>    #
>    #load-extension rsaref
> 				   # Not for use in the States
>    #load-extension rsa
> 				   # Patented in much of Europe
>    load-extension idea

IMHO you should never load idea - its only use is for reading encrypted
email from a PGP 2.x/5.0 user. Besides, it's even more patented than RSA..

To be a useful replacement for PGP2.x you will need one of the two RSAs
though..

> Signing .dsc and .changes files
> 
>    The Debian Installation routine (dinstall) is already prepared to
>    accept GnuPG keys.  Your key has to be included in the keyring.gpg,
>    though.  If this isn't done yet, send it to the keyring maintainer
>    at keyring-maint@debian.org.  If your GnuPG key doesn't have a
>    proper signature, you should sign that mail using your old PGP key,
>    so the keyring maintainer can ensure that he's not adding an
>    intruder's key.

Nono, the new key must have a signature on it from the old RSA key (this
is possible), then you can send it in a signed message to the keyring
people. Otherwise our web of trust is totally trashed, very bad.

This should also clarify when it is needed to move to a new key - not
everyone needs to, but all new keys should be OpenPGP keys.

However, everyone should be -using- gpg with their old PGP 2.x key.

Also, the correct thing to call a 'gnupg key' is an 'openpgp key' - it is
not something that works exclusively with gpg.

> Voting in Debian
> 
>    Is our UseVote already prepared to accept GnuPG keys?

Nope

Jason
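
The requirement above, that a new key carry a signature from the old RSA key before it is sent in, can be checked mechanically. The script below is an added example, not part of the original message or of any Debian tooling. It assumes GnuPG's colon-delimited listing format; the function name `cert_status` and all key IDs, dates and names in the sample are constructed.

```shell
#!/bin/sh
# Added example (not from the original thread). Reads the output of
#   gpg --with-colons --check-sigs <new-key-id>
# on stdin and reports whether the new key carries a user ID certification
# from the old key. Fields used, per GnuPG's doc/DETAILS:
#   1 = record type, 2 = check result on sig records ("!" good, "-" bad,
#   "?" signer's public key missing, "%" other error),
#   5 = long key ID, 11 = signature class (10-13 certify a user ID).
cert_status() {   # $1 = long key ID of the old RSA key
    awk -F: -v old="$1" '
        BEGIN { old = toupper(old); status = "missing" }
        $1 == "pub" { newkey = toupper($5) }
        $1 == "sig" && toupper($5) == old && old != newkey {
            if ($11 !~ /^1[0-3]/) next          # e.g. 18x subkey binding
            r = substr($2, 1, 1)
            if (r == "!") status = "good"
            else if (r == "-" && status != "good") status = "bad"
            else if (status == "missing") status = "unverified"
        }
        END { print status }'
}

# Constructed sample: new DSA key 2222222222222222 certified by old RSA key
# 1111111111111111 (every key ID, date and name here is made up).
sample_certified() {
cat <<'EOF'
pub:u:1024:17:2222222222222222:937000000:::u:::scESC:
uid:u::::937000000::::Constructed Developer <dev@example.org>:
sig:!::17:2222222222222222:937000000::::Constructed Developer <dev@example.org>:13x:
sig:!::1:1111111111111111:937000100::::Constructed Developer <dev@example.org>:10x:
sub:u:2048:16:3333333333333333:937000000::::::e:
sig:!::17:2222222222222222:937000000::::Constructed Developer <dev@example.org>:18x:
EOF
}

# Stand-alone run on the constructed sample.
echo "old-key certification: $(sample_certified | cert_status 1111111111111111)"
```

A result of `unverified` means the old public key is not in the keyring doing the check, so the signature could not be validated either way.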