[Gpg4win-devel] Kleopatra creates keys without separate subkey

Andre Heinecke aheinecke at intevation.de
Fri Apr 24 10:47:18 CEST 2015


Hi,

On Tuesday, April 21, 2015 08:43:33 AM Werner Koch wrote:
> Ben raised this problem on the OpenPGP WG list: It seems that Kleopatra
> creates a sign+encrypt primary key instead of a sign primary and
> encrypt subkey.

This was done before my time. I guess the rationale (and what I am also
thinking) is that having a separate subkey does not increase your key security
by default and thus unnecessarily complicates things. If you want to separate
storage of your primary and your subkey you can do this, and at this point it
is assumed that the user knows what a subkey is and is not confused by the
concept.

> That is very bad and does not match GnuPG's defaults.

Ok. If you say so I accept that ;-).  I'm currently thinking that just using
Key-Type: default Subkey-Type: default etc. in the GnupgKeyParams XML would be
the best way to go here (as long as the user does not use advanced options)
instead of hardcoding it or making it configurable (it currently is
configurable) in Kleopatra.

There is a little bit of a problem in that we would then only show the user
that we are about to create a key with default values, but for this case we
could probably just remove the dialog "We are about to create a key with this
values" to reduce UI steps.

This should be small enough that I can fit it in for the next gpg4win 
maintenance release.

Ideally we would have something like gpgme_inquire_genkey_defaults or 
something so that we could show the defaults to the user and fill the "advanced 
keygen options" default values accordingly. But I would not want to implement 
this for the next gpg4win release.

Regards,
Andre

-- 
Andre Heinecke |  ++49-541-335083-262  |  http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Managing Directors: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
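
Added example, not part of the message above and not Kleopatra or GnuPG code: a keyring check that reads `gpg --with-colons --list-keys` output and flags keys whose primary key itself signs and encrypts and that have no encryption subkey, the layout this thread is about. The sample listing, key IDs and user IDs are constructed, and the function names are hypothetical.

```python
"""Flag sign+encrypt primary keys that have no encryption subkey."""

# Constructed sample in the format of `gpg --with-colons --list-keys`;
# key IDs, dates and user IDs are made up for illustration.
SAMPLE_LISTING = """\
pub:u:2048:1:1111111111111111:1429862838:::u:::escESC:
uid:u::::1429862838::0000000000000000000000000000000000000001::Alice <alice@example.org>:
pub:u:2048:1:2222222222222222:1429862838:::u:::scESC:
uid:u::::1429862838::0000000000000000000000000000000000000002::Bob <bob@example.org>:
sub:u:2048:1:3333333333333333:1429862838::::::e:
"""


def parse_keys(listing):
    """Return one dict per primary key with its own and its subkeys' capabilities."""
    keys = []
    for line in listing.splitlines():
        fields = line.split(":")
        if len(fields) < 12:
            continue  # record too short to carry the capability field (field 12)
        record, keyid, caps = fields[0], fields[4], fields[11]
        if record == "pub":
            # Lowercase letters: capabilities of the primary key itself.
            # Uppercase letters: usable capabilities of the whole key; ignored here.
            own = {c for c in caps if c.islower()}
            keys.append({"keyid": keyid, "primary_caps": own, "subkey_caps": []})
        elif record == "sub" and keys:
            keys[-1]["subkey_caps"].append(set(caps))
    return keys


def combined_primary_keys(listing):
    """Key IDs whose primary key signs and encrypts, with no encryption subkey."""
    flagged = []
    for key in parse_keys(listing):
        primary_does_both = {"s", "e"} <= key["primary_caps"]
        has_encrypt_subkey = any("e" in caps for caps in key["subkey_caps"])
        if primary_does_both and not has_encrypt_subkey:
            flagged.append(key["keyid"])
    return flagged


if __name__ == "__main__":
    for keyid in combined_primary_keys(SAMPLE_LISTING):
        print(f"{keyid}: sign+encrypt primary key, no encryption subkey")
```
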