Re: Migrating to GPG - A mini-HOWTO
On Mon, 13 Sep 1999, Martin Schulze wrote:
> This Mini-HOWTO is intended to help debian people converting from
> using PGP to GnuPG for their work within the Debian Project.
Maybe it should be widened to include recommendations about how to create
OpenPGP keys if you have already have a PGP 2 key in Debian..
> ## These extensions have patents or other issues, these are only
> # required if you want to use pgp signatures and keys as well. If
> # you're only using the free and patent-less GnuPG you don't need
> #load-extension rsaref
> # Not for use in the States
> #load-extension rsa
> # Patented in much of Europe
> load-extension idea
IMHO you should never load idea - it's only use is for reading encrypted
email from a PGP 2.x/5.0 user. Besides, it's even more patented than RSA..
To be a usefull replacement for PGP2.x you will need one of the two RSAs
> Signing .dsc and .changes files
> The Debian Installation routine (dinstall) is already prepared to
> accept GnuPG keys. Your key has to be included in the keyring.gpg,
> though. If this isn't done yet, send it to the keyring maintainer
> at firstname.lastname@example.org. If your GnuPG key doesn't have a
> proper signature, you should sign that mail using your old PGP key,
> so the keyring maintainer can ensure that he's not adding an
> intruder's key.
Nono, the new key must have a signature on it from the old RSA key (this
is posisble) then you can send it in a signed message to the keyring
people. Otherwise our web of trust is totally trashed, very bad.
This should also clarify when it is needed to move to a new key - not
everyone needs to, but all new keys should be OpenPGP keys.
However, everyone should be -using- gpg with their old PGP 2.x key.
Also, the correct thing to call a 'gnupg key' is an 'openpgp key' - it is
not something that works exclusively with gpg.
> Voting in Debian
> Is our UseVote already prepared to accept GnuPG keys?