Is it possible to create additional signatures for subkeys?
Hauke Laging
mailinglisten at hauke-laging.de
Wed Nov 7 03:58:16 CET 2012
Hello,
subject says it all...
UIDs can be revoked and reactivated by a newer signature. But I have not found
a way to create new signatures for subkeys. There are at least two reasons to
do that:
1) Like with UIDs, correcting an unwanted revocation.
2) What really happened to me: The subkey signature can have unwanted
components (caused by --cert-notation).
Technically I do not see a difference between UIDs ans subkeys which would
explain this asymmetry. But gpg offers to create new signatures for UIDs but
seems not to offer that for subkeys (the same for signature deletion).
There is also no equivalent to --allow-non-selfsigned-uid for subkeys. I used
gpgsplit to get rid of the revocation signature. But this is of no use if the
revocation signature has escaped into the public. I also stripped off the
subkey self-signature but then the subkey does not get imported at all (I had
hoped for a repair option).
I have to admit that I have not checked the RfC. Does it prevent the existence
of several subkey signatures? Or is there no fundamental reason against this
but due to lack of demand this has not been implemented?
Hauke
--
☺
PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (seit 2012-11-04)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 572 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20121107/70586c15/attachment.pgp>
More information about the Gnupg-users
mailing list