Import a pubkey sans self-sig?
Thu Apr 10 22:35:02 2003
-----BEGIN PGP SIGNED MESSAGE-----
On Tue, Apr 08, 2003 at 04:10:49PM +0400, Yenot wrote:
> On Tuesday 08 April 2003 01:14 am, David Shaw wrote:
> > On Mon, Apr 07, 2003 at 03:59:03PM -0400, gabriel rosenkoetter wrote:
> > > I'd like to encipher things to keyid 75E4988D (seems to be on
> > > wwwkeys.pgp.net)... but GnuPG simply refuses to import it because
> > > it's lacking a self-signature.
> > >
> > > pgp 6.5.2 (yeah, I know, but this is a long-standing production
> > > process at work that I'm trying to update) has no trouble with this
> > > key.
> > >
> > > --expert doesn't help and we don't have a --force...
> > --allow-non-selfsigned-uid
> I was shocked that non-self-signed UID's were allowed at all.
> The only reason I can think of for such a UID, would be to
> annotate a local key that you don't own. (Just as local
> signatures are used for localized key annotation.)
It's historical. Early versions of PGP (2.x) did not automatically
self-sign user IDs. RFC-2440 maintains that in not requiring a
Note that GnuPG will import and export non-self-signed user IDs, but
will never actually use a key with no self-signed user IDs unless:
1) If --allow-non-selfsigned-uid is set.
2) If a user ID is signed (or lsigned) by an ultimately trusted key.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2rc1 (GNU/Linux)
-----END PGP SIGNATURE-----