wk at gnupg.org
Wed Sep 13 10:55:48 CEST 2006
On Sun, 27 Aug 2006 12:07, Dirk Traulsen said:
> @item --require-cross-certification
> - at itemx --no-require-certification
> + at itemx --no-require-cross-certification
Fixed. Also made --require-cross-certification the defualt for gpg2.
> When one issues the help command In the edit-key menu, there comes a list of commands. "cross-certify" is missing. I had a look at keyedit.c and the
> non-listed commands are the short cuts and the aliases. So it doesn't seem to be a deliberate ommision. Here is a proposal for a text. (The only
There are not that many signing subkeys out in the wild and the
"backsign" command is a helper to fix existing keys. For new subkeys
it is not required. The error message issued for a missing backsig
points to a web page explaining how to rectify this. Thus there is no
advertise this command.
> other missing commands are delphoto and revphoto. Are they intentionally ommitted?)
Not sure. David?
> gpg: Signature made 08/22/06 10:02:04 using DSA key ID 0A77A149
> gpg: WARNING: signing subkey 0A77A149 is not cross-certified
> gpg: please see http://www.gnupg.org/faq/subkey-cross-certify.html for more information
> gpg: Can't check signature: general error
> This seems a bit too harsh for me, especially when it will be default. The signature could
We want people to update their key. Experience shows that a warning
is not sufficiebnt. If people don't like to update their key they may
still use --no-require-cross-certification.
> Then I wanted to export and import it on another computer.
> gpg did not import (merge) the new key, because:
> gpg: key 12345678: already in secret keyring.
> gpg did not recognize the new cross-certification. I had to delete the old key before
You only need to import the public key. Updating the secret key is a
More information about the Gnupg-devel