export single UID of a key

David Shaw dshaw@jabberwocky.com
Wed Apr 9 00:00:01 2003

Hash: SHA1

On Tue, Apr 08, 2003 at 11:12:44PM +0200, Michael Nahrath wrote:
> David Shaw <dshaw@jabberwocky.com> schrieb am 2003-04-08 20:45:
> >> 2. Sign only one UID and send it in an encrypted mail to this UID's mail
> >> address.
> >> Do this for every UID in a key separately.
> >> Do _not_ keep these signatures in your normal keyring.
> >> If the key owner uploads the signatures to the keyservers he proves that
> >> he owns the secret key. You get your signature back via '--refresh-keys'.
> > 
> > Note that this doesn't really give you what you want in all cases.
> > OpenPGP keys are usually made up of a primary signing key and a number
> > of secondary encryption keys.  There are other combinations, but that
> > is by far the most common.
> I am aware of the limitation to keys with encryption subkeys.
> Pure Certification keys or UIDs without e-mail address can't be checked that
> way -- but they can't be checked with an encrypted challenge either.

So don't encrypt the challenge.  Encrypting the challenge doesn't buy
you any additional security.  You don't need confidentiality here -
you need identity confirmation.

> > Anyway, when you sign a key, you are actually signing the primary key
> > plus the user ID.
> AFAIKS the signatures are only detached to the UID parts, at least this is
> how GPG and the keyservers display it.

Nevertheless, you are signing the primary key plus the user ID.  It
doesn't matter how programs display it for human consumption.

> Is there a difference in the end if I sign all UIDs in one turn or each by
> its own (except from differences in signing time)?


> > If you follow #2 above, you are actually sending
> > the signed key to an entity that may or may not control the signing
> > key - 
> Is it possible that someone owns and uses only the decryption subkey but
> not the primary signing key to it?

Yes.  That is why the method being discussed does not work in all

> If the owner of the UID's e-mail doesn't control the secret key to decrypt
> my message the signed key will stay unpacked forever.
> After signing and sending it doesn't even exist in my keyring any more.

You are signing the primary key... but giving someone with access to
only the decryption key the ability to use your signature.  Signing A,
but giving B access to it.  A and B are not necessarily the same

By using a challenge, you are signing A, and requiring proof that the
entity controls A.

Version: GnuPG v1.2.2rc1 (GNU/Linux)
Comment: http://www.jabberwocky.com/david/keys.asc
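The following is an added illustration of the two points in the message above (a certification covers the primary key plus the user ID, and an encrypted challenge only proves control of the decryption subkey while a signed plaintext challenge proves control of the primary key). It is not code from the thread and has nothing to do with GnuPG's implementation: it uses textbook RSA over constructed Mersenne-prime moduli as a deliberately insecure stand-in for OpenPGP keys, and the party names, user IDs and nonce are made up.

```python
"""Toy model: encrypted challenge vs. signed challenge for key verification.

Constructed example. Textbook RSA with small, well-known primes and no
padding: NOT secure and NOT OpenPGP. It only keeps the structure the
thread discusses: a primary signing key plus an encryption subkey, whose
private halves may be held by different entities.
"""
import hashlib

E = 65537  # public exponent; coprime with every phi(n) below


def make_keypair(p, q):
    """Return ((n, e), (n, d)) for the constructed primes p and q."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)


def digest(data: bytes, n: int) -> int:
    """SHA-256 of data, reduced into the RSA group (toy hash-to-int)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(priv, data: bytes) -> int:
    n, d = priv
    return pow(digest(data, n), d, n)


def verify(pub, data: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == digest(data, n)


def encrypt_to(pub, m: int) -> int:
    n, e = pub
    assert 0 <= m < n, "nonce must fit under the modulus"
    return pow(m, e, n)


def decrypt_with(priv, c: int) -> int:
    n, d = priv
    return pow(c, d, n)


# A key as described in the thread: primary signing key + encryption subkey.
# Primes are Mersenne primes (constructed toy parameters).
PRIMARY_PUB, PRIMARY_PRIV = make_keypair((1 << 61) - 1, (1 << 89) - 1)
SUBKEY_PUB, SUBKEY_PRIV = make_keypair((1 << 31) - 1, (1 << 107) - 1)
# The person doing the certifying has a separate signing key.
SIGNER_PUB, SIGNER_PRIV = make_keypair((1 << 19) - 1, (1 << 127) - 1)


def key_bytes(pub) -> bytes:
    n, e = pub
    return n.to_bytes(32, "big") + e.to_bytes(4, "big")


# A certification is computed over primary key || user ID, no matter how a
# front end displays it "under" the UID.
def certify(signer_priv, primary_pub, uid: str) -> int:
    return sign(signer_priv, key_bytes(primary_pub) + uid.encode())


def check_certification(signer_pub, primary_pub, uid: str, cert: int) -> bool:
    return verify(signer_pub, key_bytes(primary_pub) + uid.encode(), cert)


class Party:
    """Whatever secret material an entity actually holds (hypothetical)."""

    def __init__(self, name, primary_priv=None, subkey_priv=None):
        self.name = name
        self.primary_priv = primary_priv
        self.subkey_priv = subkey_priv

    def answer_encrypted_challenge(self, ciphertext: int):
        if self.subkey_priv is None:
            return None
        return decrypt_with(self.subkey_priv, ciphertext)

    def answer_signed_challenge(self, nonce: int):
        if self.primary_priv is None:
            return None
        return sign(self.primary_priv, nonce.to_bytes(16, "big"))


# Method #2 from the thread: the check only proves control of the
# encryption subkey, not of the primary key the certification is over.
def encrypted_challenge_passes(responder: Party, nonce: int) -> bool:
    ct = encrypt_to(SUBKEY_PUB, nonce)
    return responder.answer_encrypted_challenge(ct) == nonce


# The alternative argued for above: a plaintext nonce that must come back
# signed by the primary key. Confidentiality is not needed for this.
def signed_challenge_passes(responder: Party, nonce: int) -> bool:
    sig = responder.answer_signed_challenge(nonce)
    return sig is not None and verify(PRIMARY_PUB, nonce.to_bytes(16, "big"), sig)


if __name__ == "__main__":
    nonce = 12345678901234567890  # constructed; a real nonce is random
    owner = Party("holds both keys", PRIMARY_PRIV, SUBKEY_PRIV)
    subkey_only = Party("holds only the decryption subkey", None, SUBKEY_PRIV)
    for p in (owner, subkey_only):
        print(p.name, "encrypted:", encrypted_challenge_passes(p, nonce),
              "signed:", signed_challenge_passes(p, nonce))
```

Running it shows the gap the message describes: the entity holding only the decryption subkey passes the encrypted challenge and would be able to publish the certification, while it fails the signed challenge because it cannot produce a signature under the primary key.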