Translations:Concepts/OpenPGP Getting Started/5/en

From KDE Wiki Sandbox
Revision as of 10:19, 6 September 2020 by FuzzyBot (talk | contribs) (Importing a new version from external source)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

You can easily create a key for playing around. But if you let others verify such a key you risk throwing work away later. Your aim should be to create one or more long term keys. The best advice is: Don't try on your own if you can avoid it. Ask experts if you can, people who already have replaced a key of their own and learnt from that. Use a secure system to create a key, use an offline main key and give both the main key and the subkeys an expiration date (not more than a year). Select a key policy (describing the security and usage of main key and subkeys) and stick to it. If you certify other keys before you have a certification policy, do not certify them for the public (web of trust), make local signatures instead (just for yourself). Avoid doing new things before you understand well what they mean.