Re: kmail and encrypted mails
Hi Teemu,
thank you for the fast and good informations. I learned, that my
key is not capable to encrypt, but to sign mails.
This was a long time good enough for me, as no one wanted encrypted mails from
me.
I also learned, that I made a mistake in 2007, when I created the keys, that I
created the wrong form (DSA and ElGamal). At that time, I did not know better.
So, today I created a new keypair (with RSA4096 and a loooooong Mantra), which
I will use in the future, too. The old key will be used as a signing key for a
while.
The old key can only be changed either for enryption or for signing, but not
both. So, the easiest solution was to create a new one.
In the last hours I learned a lot and read a lot and I believe, I now better
understand how it works.
Here I can now only say: Thank you (and all the other guys) for your great
help and your hints.
Best regards
Hans
> Let's look at your key:
>
>
> $ gpg --list-options show-unusable-subkeys,no-show-uid-validity \
> --list-keys Ullrich
>
> pub dsa1024 2007-12-05 [SC]
> 984893FB397A9E4E4834898FE27C63AA5F093FF8
> uid Hans-J. Ullrich [...]
> uid Ullrich-IT-Consult [...]
> sub elg2048 2007-12-05 [E] [expired: 2008-12-04]
>
>
> It tells us that your master key (dsa1024) has [SC] capabilities, which
> means that it can create message signatures [S] and certificates [C].
> The key also has a subkey (elg2048) with encryption [E] capabilities but
> the subkey has expired in 2008-12-04 so it is not used anymore.
>
> You can create a new encryption subkey if you want to add an encryption
> capability: --edit-key + addkey. You can also modify the expiration date
> of your existing subkey: --edit-key + key 1 + expire.
Reply to: