Questions[encryption](server)

I am running an email server which is currently set up to use TLS if possible, when sending and receiving emails.

When you read in the documentation about this, there is also the option to enforce TLS and not accept plain text transmission of emails. It also warns you that some mail servers might not support encryption yet and enforcing encryption could block these servers.

But is this still an issue one should think about or is it safe to say that enforcing encryption won't be a problem anymore?

Is there possibly some big provider who is already doing this or what do you consider best practice these days?

When encrypting a file to send to a collaborator, I see this message:

gpg: using subkey XXXX instead of primary key YYYY

Why would that be? I've noticed that when they send me an encrypted file, it also appears to be encrypted towards my subkey instead of my primary key. For me, this doesn't appear to be a problem; gpg (1.4.x, macosx) just handles it & moves on. But for them, with their automated tool setup, this seems to be an issue, and they've requested that I be sure to use their primary key.

I've tried to do some reading, and I have the Michael Lucas's "GPG & PGP" book on order, but I'm not seeing why there's this distinction. I have read that the key used for signing and the key used for encryption would be different, but I assumed that was about public vs private keys at first.

In case it was a trust/validation issue, I went through the process of comparing fingerprints and verifying, yes, I trust this key. While I was doing that, I noticed the primary & subkeys had different "usage" notes:

primary:  usage: SCA
subkey:   usage: E

"E" seems likely to mean "Encryption". But, I haven't been able to find any documentation on this. Moreover, my collaborator has been using these tools & techniques for some years now, so why would this only be a problem for me?

The previous SF questions I've seen have lead to answers that produce MD5 hashed password.

Does anyone have a suggestion on to produce an SHA-512 hashed password? I'd prefer a one liner instead of a script but, if a script is the only solution, that's fine as well.

Update

Replacing previous py2 versions with this one:

python3 -c "import crypt;print(crypt.crypt(input('clear-text pw: '), crypt.mksalt(crypt.METHOD_SHA512)))"

Using OpenSSL from the command line in Linux, is there some way to examine a key (either public or private) to determine the key size?

Let's suppose I have a SSH key, but I've deleted the public key part. I have the private key part. Is there some way I can regenerate the public key part?