Singing a key with a subkey

Faramir faramir.cl at gmail.com
Wed Apr 8 06:45:19 CEST 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Brian Mearns escribió:
> I've exported a crippled version of my private keyset for use at
> work...I did not include the primary/master key in the export, only a
> signing subkey and an encryption subkey. Now I've imported them on a
> different system and want to sign a co-workers key with the subkey,
> but gpg complains that:
...

> I'm able to sign files using the subkey (on the same system), so I'm
> not clear why I wouldn't be able to sign a key with it as well. Is
> there something I'm missing, is there a way around this, or is there
> something fundamental about this limitation?

  Because signing another key is known as "certification" and the
subkeys don't have that capabily. It is one of the reasons to keep the
primary key safely at home, because with it, somebody can sign keys as
if you had signed them...

  Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBCAAGBQJJ3CveAAoJEMV4f6PvczxAhXoH/R3K7IytW9YZzPCQII5MXWtV
n6ZWyg4nfXGwqW8x9ADYA0MsxgtNVLicqLXci+MrgkClGD+Ji27E+r/9kPkStV5u
tNfzNLkkORSch6tWcpinZeTzOmj6eaVsGBUdK/tq7cdvJp6Mw2IgYKVpuL6fBQr+
GhFAHfQlukw3BSTpZkOd/CWrzMJcOJuuIm1FzU317lzpSnEipSTTg/igd37N/8vH
laogkMxKtR5Mo5O7vfuBnXURCKWb5VhoREJZV+uN0X8QiZwDlLWA0+SpGqnYzkC5
ooaMT1E0djCZII/KKeNPdYOGpXOp2ZI1AqeKrdy3fAMEsqT/dledk9dHGXjH5jU=
=sXSi
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list