Re: Updated DSA Key


Subject: Re: Updated DSA Key
From: Chris Lawrence (cnlawren@olemiss.edu)
Date: Fri Dec 31 1999 - 07:14:50 CET


On Dec 31, Mike Goldman wrote:
> What is the procedure for submitting a new (DSA/ElGamal) key for signing
> packages with? Since converting to GnuPG and creating a DSA key,
> debsign wants to use the DSA key instead of the older RSA key, unless
> explicitly overridden. Rather than doing this each time, or sticking
> with the RSA key exclusively, I'd like to be able to use either key for
> signing.

I followed the procedure in the debian-keyring README file. Remember
to sign your DSA key with the RSA key, of course, then send it in.

Here are the relevant sentences:

Updating your key(s)
--------------------

If your key has been updated, you should send your update to
keyring-maint@debian.org.

Signing your GPG key with your PGP one
--------------------------------------
        
If you already have a PGP key, but only now made a GPG key, you must
sign your GPG key with your PGP one. This can be done as follows:

o Get the gpg-rsa (or gpg-rsaref, if you live in the US) and gpg-idea
  packages and install them.

o Sign your GPG key with your PGP key:
        gpg --load-extension rsa --load-extension idea \
            --secret-keyring ~/.pgp/secring.pgp \
            --default-key 'Your PGP ID' --sign-key 'Your GPG ID'

I think dinstall uses the keyring from the latest debian-keyring
package, so your GnuPG key won't work until your new key is inserted
into the official keyring and uploaded. This usually happens once or
twice a month.

In the meantime, you could get GnuPG to use the RSA key for signing,
so you don't have to remember to specify the needed options for using
PGP.

Chris

-- 
=============================================================================
|         Chris Lawrence          |       Get Debian GNU/Linux CDROMs       |
|    <quango@watervalley.net>     |      http://www.lordsutch.com/cds/      |
|                                 |                                         |
|        Debian Developer         |      Visit the Amiga Web Directory      |
|     http://www.debian.org/      |     http://www.cucug.org/amiga.html     |
=============================================================================

-- Please respect the privacy of this mailing list.

To UNSUBSCRIBE, email to debian-private-request@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org



This archive was generated by hypermail 2b25 : Fri Dec 31 1999 - 10:20:46 CET