subkeys and key flags

Peter Palfrader at
Mon Dec 1 04:34:51 CET 2003

On Sun, 30 Nov 2003, David Shaw wrote:

> > If yes, how do I create a signing subkey that only may be used to sign
> > data/communications?
> A signing subkey has the appropriate key flags set for signing data
> and communications at generation time.  The certification flag is not
> set.

This was only recently added to GnuPG?  I added subkeys to 94C09C7F in
July (1.2.2 was in unstable at the time I think) but pgpdump does not
show key flags.

> > Is it possible to ammend the keyflags by adding a new self signature
> > to a subkey?  (I suppose so, if yes, how do I do it?)
> In theory it's doable, but GnuPG does not provide a means to do it.
> You'd have to hack the source.

Will GnuPG recoginze and handle the second signature correctly?  Do you
know whether PGP, Hushmail, etc will do so?

> > Am I correct when thinking that a subkey that may be used to certify
> > other keys may not be used to sign subkeys?  iow: is the primary key the
> > only one that can bind subkeys to the primary key?
> Yes.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : /pipermail/attachments/20031201/c5b909aa/attachment.bin

More information about the Gnupg-users mailing list