Signing sub-key with PGP

Patrice Fournier
Tue May 22 21:17:02 2001

Please CC: your answers to me as I'm not a member of the mailing list.


I need to sign messages in an automated setup. While the box is not
multi-user, I'd prefer not to have the main key with no password. I looked
at FAQ #4.13 and made my signing subkey and tried to interoperate with PGP
6/7 before doing the next steps.

First test I made was to try to encrypt something to that user from PGP.
It failed with an error about the key being invalid for encryption. I then
decided to add a second encryption subkey and revoke the first one. (all
subkeys have the same expiration day) Now that the last key is an
encryption key, PGP is using it and encrypt sucessfully.

Now, I signed a message with my signing subkey and tried to verify it with
PGP 6 and 7. PGP 6 said the signature was bad while PGP 7 said the signing
algorithm was not supported. When I signed the same message with the main
key, both could verify the signature successfully... How can I use signing
subkeys to sign messages destined to PGP users? Or will I need to use a
second key for signing needs and completly replace that key when needed?


P.S. I'm using GPG 1.05 on Linux and the PGP versions used for tests were
7.0.3, 6.5.3 and 6.5.8 for Windows

Patrice Fournier