PGP Question
@se7en I believe you have. That's not a fatal problem. But it could be annoying if you generated those keys on hardware devices.
Re: Web-of-Trust, the web-of-trust attests to identities, via the master key. So adding new subkeys doesn't break it.
Re: expiration, you absolutely can just extend the expiration. I've done that with my key repeatedly.
@se7en
The "C" means certification: the ability to delegate to a subkey. It might be possible to remove that. But you definitely don't want to do that. :)
I'm not sure if you actually can remove the master key as a signing key. It wouldn't be all that relevant from a security perspective anyway, as the master key can always just delegate another subkey, so removing signing ability doesn't fundamentally remove its ability to sign things.
@se7en Looks like you can generate a cert-only master key with the --quick-gen-key option. But AFAICT you have to do that from the start - you can't change that later.
That'd be a pretty unusual setup, so I'd advise against it purely on a "will likely break things" basis.
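To check on an existing key what the thread discusses (which capabilities the master key holds itself, and which keys have expired), here is an added example that is not part of the original posts. It parses a constructed sample in the format of `gpg --list-keys --with-colons`; the key IDs and dates are made up, the function names are hypothetical, and expiry is assumed to be given as epoch seconds.

```python
# Constructed sample in the style of `gpg --list-keys --with-colons`.
# Key IDs and timestamps are made up; trailing fields are omitted.
SAMPLE = (
    "pub:u:255:22:AAAAAAAAAAAAAAAA:1700000000:1763072000::u:::scESC:\n"
    "uid:u::::1700000000::0000::Example User <user@example.org>:\n"
    "sub:u:255:18:BBBBBBBBBBBBBBBB:1700000000:1731536000:::::e:\n"
    "sub:u:255:22:CCCCCCCCCCCCCCCC:1700000000::::::s:\n"
)


def parse_keys(listing):
    """Return one dict per pub/sub record in a colon-format listing."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] not in ("pub", "sub") or len(f) < 12:
            continue  # skip uid, fpr and other record types
        keys.append({
            "primary": f[0] == "pub",
            "keyid": f[4],
            # Field 7 is the expiration time; empty means the key never expires.
            "expires": int(f[6]) if f[6].isdigit() else None,
            # Field 12: lowercase letters are this key's own capabilities.
            # On a pub line the uppercase letters summarise the whole key.
            "caps": {c for c in f[11] if c.islower()},
        })
    return keys


def report(keys, now):
    """Return (keyid, role, own capabilities, expiry status) for each key."""
    rows = []
    for k in keys:
        if k["expires"] is None:
            status = "no expiry"
        elif k["expires"] <= now:
            status = "expired"
        else:
            status = "valid"
        role = "primary" if k["primary"] else "subkey"
        rows.append((k["keyid"], role, "".join(sorted(k["caps"])), status))
    return rows


def primary_is_cert_only(keys):
    """True if the primary (master) key holds only the certify capability."""
    return any(k["primary"] and k["caps"] == {"c"} for k in keys)
```
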