Can anyone shed more light on these instructions particularly steps 6 and 1 & 2 on target machine? Or is the advanced manual available in English yet - I can’t find it.
On a secure machine:
- If you want to do automatic signing, create a signing subkey for your key (use the interactive key editing menu by issuing the command ‘gpg --edit-key keyID’, enter “addkey” and select the DSA key type).
- Make sure that you use a passphrase (needed by the current implementation).
- gpg --export-secret-subkeys --no-comment foo >secring.auto
- Copy secring.auto and the public keyring to a test directory.
- Change to this directory.
- gpg --homedir . --edit foo and use “passwd” to remove the passphrase from the subkeys. You may also want to remove all unused subkeys.
- Copy secring.auto to a floppy and carry it to the target box.
On the target machine:
- Install secring.auto as the secret keyring.
- Now you can start your new service. It’s also a good idea to install an intrusion detection system so that you hopefully get a notice of a successful intrusion, so that you in turn can revoke all the subkeys installed on that machine and install new subkeys.
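
A check for the end of this procedure, added here as an example and not part of the post or the quoted instructions: it reads `gpg --list-secret-keys --with-colons` output from the target box and confirms that only a stub of the primary key is present and that a signing subkey is usable. The function names, key IDs, timestamps and user ID in the sample records are constructed.

```shell
#!/bin/sh
# Added example. Audits `gpg --list-secret-keys --with-colons` output on stdin.
# On a real box: gpg --homedir DIR --list-secret-keys --with-colons | audit_keyring

audit_keyring() {
    awk -F: '
        # sec = primary secret key record. Field 15 is "#" when the keyring
        # holds only a stub for it, i.e. no primary secret material.
        $1 == "sec" { primary = ($15 == "#") ? "stub" : "present" }
        # ssb = secret subkey record. Field 12 lists capabilities ("s" = sign).
        $1 == "ssb" && $15 != "#" { usable++; if ($12 ~ /s/) signing++ }
        END {
            if (primary == "")        { print "FAIL no secret key records"; exit 1 }
            if (primary == "present") { print "FAIL primary secret key is on this machine"; exit 1 }
            if (signing == 0)         { print "FAIL no usable signing subkey"; exit 1 }
            printf "OK primary=stub signing_subkeys=%d other_subkeys=%d\n", signing, usable - signing
        }'
}

# Constructed sample: what the target box should look like after installing
# the output of --export-secret-subkeys (primary is a stub, DSA subkey signs).
sample_subkeys_only() {
cat <<'EOF'
sec:u:2048:1:AAAAAAAAAAAAAAAA:1500000000:::u:::scESC:::#:::
uid:u::::1500000000::::foo <foo@example.org>:
ssb:u:2048:17:BBBBBBBBBBBBBBBB:1500000100::::::s:::+:::
EOF
}

# Constructed sample: the full secret key was copied by mistake.
sample_full_key() {
cat <<'EOF'
sec:u:2048:1:AAAAAAAAAAAAAAAA:1500000000:::u:::scESC:::+:::
uid:u::::1500000000::::foo <foo@example.org>:
ssb:u:2048:17:BBBBBBBBBBBBBBBB:1500000100::::::s:::+:::
EOF
}

sample_subkeys_only | audit_keyring
```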