Import of trustpaths
Eugene Smiley
eugene@esmiley.net
Mon Jun 30 03:52:35 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Chris H. wrote:
> I have the following trustpath
>
> RootCA
> > SubCA
> >> User1/2/3/etc.
>
> where
> - RootCA signed the SubCA as a trusted introducer
> - SubCA signed the users
>
> If I'm now going to import the pub keys of the RootCA, SubCA,=
and
> the users and if I sign the RootCA as a Metaintroducer, all =
the
> other keys(SubCA, User1/2/3/etc.) should become valid. At =
least
> that's what it does with my PGP client.
>
> But if I import them into my GPG keyring I still have to sign
> every single key manually. Btw attached is the file with my
> Testkeys.
>
> I might be completely stupid but I can't get this to work. =
Once I
> signed the RootCA and trust it fully the other keys still =
don't
> become valid although they're signed as stated above.
>
> What am I doing wrong?
The "Metaintroducer" signature that you made using PGP is not
exportable. IOW, when you import it into GPG, there is no =
siganture
from=20User1/2/3/etc. to RootCA in the file to import into GPG. =
Even
if you imported it into User4 under PGP there would be no sig.
After importing it into GPG you need to sign RootCA using
"--lsign-key" which signs a key locally, IOW non-exportable.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (MingW32) - GPGrelay v0.92
iD8DBQE+/zFe6QPtAqft/S8RAvkxAJ4297/A/BwzDETH2gMGRqsiMKGhRgCg8Jhj
FhnhBMpxc5yiiabZFlkHjMo=3D
=3D9+Oe
-----END PGP SIGNATURE-----