subkeys and key flags
Peter Palfrader
gnupg-users=gnupg.org at lists.palfrader.org
Mon Dec 1 04:34:51 CET 2003
On Sun, 30 Nov 2003, David Shaw wrote:
> > If yes, how do I create a signing subkey that only may be used to sign
> > data/communications?
>
> A signing subkey has the appropriate key flags set for signing data
> and communications at generation time. The certification flag is not
> set.
This was only recently added to GnuPG? I added subkeys to 94C09C7F in
July (1.2.2 was in unstable at the time I think) but pgpdump does not
show key flags.
> > Is it possible to ammend the keyflags by adding a new self signature
> > to a subkey? (I suppose so, if yes, how do I do it?)
>
> In theory it's doable, but GnuPG does not provide a means to do it.
> You'd have to hack the source.
Will GnuPG recoginze and handle the second signature correctly? Do you
know whether PGP, Hushmail, etc will do so?
> > Am I correct when thinking that a subkey that may be used to certify
> > other keys may not be used to sign subkeys? iow: is the primary key the
> > only one that can bind subkeys to the primary key?
>
> Yes.
Thanks,
Peter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : /pipermail/attachments/20031201/c5b909aa/attachment.bin
More information about the Gnupg-users
mailing list