[OT, maybe] "Secure Key Generation"




Hi,
I think the following is interesting:

"However, this implies another problem: all the signatures made on
other keys would be invalid too after the expiration of our key,
unless we renew it periodically. Moreover, if we decided not to renew
our old key after its expiration but to generate a new one, we would
need to collect again on the new key all the signatures that other
persons made on the old one."
(source: <http://tjl73.altervista.org/secure_keygen/en/en.html>)

In short (for those who know GPG):
- create a public key -- RSA (sign only)
- backup your '.gnupg' dir and keep it in a secure place
- add a subkey for encryption
- export your subkey
- delete secret and public key
- import your subkey
- to modify our key we can type the command
  'gpg2 --no-permission-warning --homedir <your path> --keyring ~/.gnupg/pubring.gpg --secret-keyring <your path> --trustdb-name ~/.gnupg/trustdb.gpg --edit-key <keyid>'
- to sign other keys
  'gpg2 --no-permission-warning --homedir <your path> --keyring ~/.gnupg/pubring.gpg --secret-keyring <your path> --trustdb-name ~/.gnupg/trustdb.gpg --edit-key <key imported>'

That's all. :-)

-- 
Law is mind without reason.
	--Aristotle
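
The steps listed in the message above, as an added example that is not part of the original post: it builds a subkey-only keyring in a scratch directory and checks that the primary secret key is no longer stored there. It assumes GnuPG 2.2 or later; the function names, user ID and paths are made up, and the backup is done as a key export rather than a copy of the directory.

```sh
#!/bin/sh
# Added example, not from the original post. Assumes GnuPG 2.2 or later.
# Function names, the user ID and the scratch paths are made up here.

# Reads `gpg --list-secret-keys --with-colons` on stdin. Field 15 of a
# sec/ssb record is "#" when only a stub is stored (secret part absent).
# Prints one line per key; exits 1 if a primary secret key is present.
audit_secret_listing() {
  awk -F: '
    $1 == "sec" { print "primary", $5, ($15 == "#" ? "offline" : "PRESENT")
                  if ($15 != "#") bad = 1 }
    $1 == "ssb" { print "subkey", $5, ($15 == "#" ? "offline" : "present") }
    END { exit bad + 0 }'
}

# Walks the steps from the post in a throwaway home directory.
make_subkey_only_keyring() (
  set -e
  work=$(mktemp -d)
  GNUPGHOME="$work/everyday"; export GNUPGHOME
  mkdir -m 700 "$GNUPGHOME"
  # Empty passphrase only because every key here is disposable.
  g() { gpg --batch --quiet --pinentry-mode loopback --passphrase '' "$@"; }

  g --quick-generate-key 'Demo User <demo@example.invalid>' rsa3072 sign never
  fpr=$(g --list-keys --with-colons | awk -F: '$1 == "fpr" { print $10; exit }')
  # Backup step, done as an export instead of copying the directory.
  g --export-secret-keys "$fpr" > "$work/primary-backup.gpg"
  g --quick-add-key "$fpr" rsa3072 encr never
  g --export-secret-subkeys "$fpr" > "$work/subkeys.gpg"
  g --yes --delete-secret-and-public-key "$fpr"
  g --import "$work/subkeys.gpg"

  g --list-secret-keys --with-colons | audit_secret_listing
  echo "scratch files left in $work" >&2
)

# Constructed sample listing (invented key IDs) for a quick offline check.
sample_listing() {
  printf '%s\n' \
    'sec:u:3072:1:1111111111111111:1700000000:::u:::scSC:::#:::23::0:' \
    'ssb:u:3072:1:2222222222222222:1700000000::::::e:::+:::23:'
}

if [ "${1:-}" = "demo" ]; then make_subkey_only_keyring; fi
```

Run the script with the argument `demo` to generate the throwaway keys, or pipe the colon listing of an existing keyring into `audit_secret_listing`.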



