Create Subkey Binding

David Shaw
Fri Jan 24 15:40:02 2003

On Thu, Jan 23, 2003 at 11:39:11PM -0600, Laager, Richard James wrote:

> I have a DSS/DH key pair that I'm trying to use with GPG. It refuses
> to encrypt to the key because there is no subkey (i.e. gpg --list-key
> 0xMYKEYID doesn't list any "sub" keys). However, gpg --edit-key
> 0xMEKEYID...toggle lists the ssb. PGP 7.0.3 lists the key as having a
> subkey, but doesn't allow it to be used for encryption. Running
> pgpdump shows that there is no subkey binding. How can I create a
> subkey binding so that this key can be used?

Let me make sure I understand what you are trying to do - you have a
secret/public keypair that has no subkey binding, so you want to add a
binding to the subkey so you can use it.  There is no easy way to do
this, as GnuPG obviously wants to reject an invalid/corrupt subkey.
You'd have to patch the code to override the checks and force GnuPG to
put a binding signature in place.

> P.S. For those that are curious, I'm trying to import a key from
> If someone has an easier way to do this, I'd take that as
> well. I'd still be curious to know if it's possible to add a subkey
> binding.

I took a look at, and it looks rather similar to hushmail.
Was the key generated by and exported to you?  Subkeys
without bindings are not at all secure since any random person can
insert one and become a man in the middle.


   David Shaw  |  |  WWW
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson