I'd like to have multiple signing key in my certificate

David Shaw dshaw at jabberwocky.com
Thu Apr 7 21:46:50 CEST 2011


On Apr 7, 2011, at 3:23 PM, Jean-Jacques Brucker wrote:

> Hi, I wanted to hold multiple signing keys in my certificate, so I created 2 sub-keys with the sign flag. But I am unable to choose the key I want to use to sign: I have tried to specify the signing key I want to use with the --local-user option, e.g.:
> 
> $ gpg2 --detach-sign -u 96193F28 M.C.jpg
> $ gpg2 --detach-sign -u 7CFD0EC7 M.C.jpg
> 
> But both signatures use the last signing key in my certificate (i.e. 7CFD0EC7).
> 
> Is there a way to tell gpg (I still use v. 2.0.13... I will compile the git version soon) to sign with a specific key in a certificate?

Yes.  Add an ! (exclamation point) after the key number you want.

For example:

$ gpg2 --detach-sign -u 96193F28! M.C.jpg
$ gpg2 --detach-sign -u 7CFD0EC7! M.C.jpg

> I have another question, but concerning RFC4880: There are a lot of reserved subpacket types for signatures. Why so many?
> In fact I would like to make a signing chain; there is a subpacket type for "Issuer", but none for "Recipient", which makes sense in a signing chain. Was a reserved type used for "Recipient" which we could reuse for a signing chain? (17?)

Reserved in this context pretty much means reserved so that nobody uses it (i.e. the numbers were in use at one point, and marking them reserved ensures that nobody accidentally makes a new subpacket that conflicts).  If a new subpacket is defined, we'd number it after 32.  Perhaps someday we'll be forced to reallocate the reserved numbers, but we're nowhere near the need for that yet.

David
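
Added example, not part of the original message or of GnuPG: a small parser for an RFC 4880 signature subpacket area that reads the Issuer subpacket (type 16) to show which subkey made a signature, and labels each type number as defined, reserved, or unassigned as of RFC 4880. It assumes the subpacket area has already been extracted from a version 4 signature packet; the function names and the sample bytes are constructed for illustration.

```python
import struct

# Type numbers listed as "Reserved" in RFC 4880, section 5.2.3.1.
RESERVED = {0, 1, 8, 13, 14, 15, 17, 18, 19}
ISSUER = 16           # body is the 8-octet key ID of the signing (sub)key
HIGHEST_DEFINED = 32  # Embedded Signature, the last type RFC 4880 defines

def parse_subpackets(area):
    """Yield (type, critical, body) for each subpacket in a subpacket area."""
    pos = 0
    while pos < len(area):
        first = area[pos]
        if first < 192:        # one-octet length
            length, hdr = first, 1
        elif first < 255:      # two-octet length
            if pos + 2 > len(area):
                raise ValueError("truncated length")
            length, hdr = ((first - 192) << 8) + area[pos + 1] + 192, 2
        else:                  # five-octet length: 0xFF plus 32-bit big-endian
            if pos + 5 > len(area):
                raise ValueError("truncated length")
            length, hdr = struct.unpack(">I", area[pos + 1:pos + 5])[0], 5
        pos += hdr
        if length == 0 or pos + length > len(area):
            raise ValueError("malformed subpacket")
        # The length counts the type octet; bit 7 of that octet is the critical flag.
        yield area[pos] & 0x7F, bool(area[pos] & 0x80), area[pos + 1:pos + length]
        pos += length

def classify(ptype):
    if ptype in RESERVED:
        return "reserved"
    if ptype <= HIGHEST_DEFINED:
        return "defined"
    return "private/experimental" if 100 <= ptype <= 110 else "unassigned"

def issuer_short_id(area):
    """Return the 8-hex-digit short key ID from the Issuer subpacket, or None."""
    for ptype, _critical, body in parse_subpackets(area):
        if ptype == ISSUER and len(body) == 8:
            return body[-4:].hex().upper()
    return None

# Constructed sample: creation time (type 2), Issuer (type 16), and one
# subpacket of reserved type 17. The upper four octets of the key ID are
# constructed padding; the thread gives only the short ID 96193F28.
SAMPLE = bytes.fromhex("05024d9e1a2a" "09100000000096193f28" "021100")

if __name__ == "__main__":
    print(issuer_short_id(SAMPLE), [classify(t) for t, _, _ in parse_subpackets(SAMPLE)])
```

Comparing the returned short ID with the value passed to -u confirms whether the requested subkey, rather than the newest one, produced the signature.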



