export single UID of a key

Michael Nahrath gnupg-users@nahrath.de
Tue Apr 8 23:12:01 2003

David Shaw <dshaw@jabberwocky.com> wrote on 2003-04-08 20:45:

>> 2. Sign only one UID and send it in an encrypted mail to this UID's mail
>> address.
>> Do this for every UID in a key separately.
>> Do _not_ keep these signatures in your normal keyring.
>> If the key owner uploads the signatures to the keyservers he proves that
>> he owns the secret key. You get your signature back via '--refresh-keys'.
> Note that this doesn't really give you what you want in all cases.
> OpenPGP keys are usually made up of a primary signing key and a number
> of secondary encryption keys.  There are other combinations, but that
> is by far the most common.

I am aware of the limitation to keys with encryption subkeys.

Pure certification keys or UIDs without an e-mail address can't be checked
that way -- but they can't be checked with an encrypted challenge either.

> Anyway, when you sign a key, you are actually signing the primary key
> plus the user ID.

AFAIKS the signatures are only detached to the UID parts, at least this is
how GPG and the keyservers display it.

Is there a difference in the end if I sign all UIDs in one go or each on
its own (apart from differences in signing time)?

> If you follow #2 above, you are actually sending
> the signed key to an entity that may or may not control the signing
> key - 

Is it possible that someone owns and uses only the decryption subkey but
not the primary signing key to it?

> in effect, signing something without strong proof that the
> recipient actually "owns" that key.

If the owner of the UID's e-mail doesn't control the secret key to decrypt
my message the signed key will stay unpacked forever.
After signing and sending it doesn't even exist in my keyring any more.

> There are cases where this isn't a problem (a PGP 2.x key, or a
> sign+encrypt primary key), but the common case is a problem.

Sorry, if there is a basic logical problem I still don't get the point.
At least I don't see the advantage of the challenge method, for it depends
on checking the ability to decrypt an encrypted message as well.

Greetings, Michi
Comment: http://www.biglumber.com/x/web?qs=0x9A4C704C
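The per-UID procedure Michi describes (sign exactly one UID, mail it encrypted to that UID's address, keep nothing in the normal keyring) as an added shell example; this is not code from the mail or from the GnuPG project, and it relies on GnuPG >= 2.1 options (--quick-sign-key, --export-filter keep-uid) that did not exist when the thread was written. Key fingerprints, key ids and addresses are placeholders passed in by the caller. The reduced key is signed in a throw-away homedir and the encrypt step fails on purpose for a key without an encryption subkey, which is exactly the limitation discussed above.

```shell
#!/bin/sh
# Per-UID key signing in the style of the thread. Added example, not code from
# the original mail or from GnuPG. Assumes GnuPG >= 2.1; the target
# fingerprint, signer key id and output directory are caller-supplied placeholders.
set -eu

# Mail address from a UID such as 'Alice Example (work) <alice@example.org>';
# prints nothing if the UID carries no address.
uid_mbox() {
    printf '%s\n' "$1" | sed -n 's/.*<\([^<>]*@[^<>]*\)>.*/\1/p'
}

# UID strings from `gpg --with-colons --list-keys` output on stdin: field 10
# of each 'uid' record, with the \x3a escape gpg uses for ':' undone.
uids_from_colons() {
    awk -F: '$1 == "uid" { gsub(/\\x3a/, ":", $10); print $10 }'
}

# list_uids HOMEDIR KEY: one UID string per line.
list_uids() {
    gpg --homedir "$1" --batch --with-colons --list-keys "$2" | uids_from_colons
}

# sign_one_uid TARGET_FPR UID SIGNER OUTDIR
# Certify exactly one UID of TARGET in a scratch homedir, encrypt the reduced
# key (that UID plus our certification) to the UID's address, and discard the
# scratch copy so the signature never enters the normal keyring.
sign_one_uid() {
    target=$1 uid=$2 signer=$3 outdir=$4
    home=${GNUPGHOME:-$HOME/.gnupg}
    mbox=$(uid_mbox "$uid")
    if [ -z "$mbox" ]; then
        echo "skipping UID without mail address: $uid" >&2
        return 0
    fi
    scratch=$(mktemp -d)
    chmod 700 "$scratch"

    # Import the target key reduced to this UID, plus our own signing key.
    # (--export-secret-keys and the signing step below prompt for the
    # passphrase through gpg-agent/pinentry.)
    gpg --homedir "$home" --batch --export-filter "keep-uid=mbox=$mbox" \
        --export "$target" | gpg --homedir "$scratch" --batch --import
    gpg --homedir "$home" --batch --export-secret-keys "$signer" \
        | gpg --homedir "$scratch" --batch --import

    # Certify only this UID ('=' requests an exact match on the UID string).
    gpg --homedir "$scratch" --batch --yes --local-user "$signer" \
        --quick-sign-key "$target" "=$uid"

    # Export the one-UID key with our signature and encrypt it to that address.
    # Fails if the key has no encryption subkey: the limitation in the thread.
    gpg --homedir "$scratch" --batch --armor --export "$target" \
        | gpg --homedir "$scratch" --batch --yes --trust-model always \
              --recipient "$mbox" --armor --output "$outdir/$mbox.asc" --encrypt
    rm -rf "$scratch"
    echo "wrote $outdir/$mbox.asc"
}

# sign_all_uids TARGET_FPR SIGNER OUTDIR: one encrypted file per mail UID.
sign_all_uids() {
    mkdir -p "$3"
    list_uids "${GNUPGHOME:-$HOME/.gnupg}" "$1" | while IFS= read -r uid; do
        sign_one_uid "$1" "$uid" "$2" "$3"
    done
}

# Run as: RUN=1 sh sign-uids.sh <target fingerprint> <your key id> <outdir>
if [ "${RUN:-0}" = 1 ]; then
    sign_all_uids "$@"
fi
```

Each resulting `OUTDIR/<address>.asc` is mailed to that address and then deleted locally; whoever can decrypt it can import the signature and upload it, and it comes back via `--refresh-keys`. Because the key is filtered with `keep-uid=mbox=...` before signing, the scratch keyring never contains the other UIDs, so no signature on them can be made by accident.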