Import of trustpaths
Mon Jun 30 03:52:35 2003
-----BEGIN PGP SIGNED MESSAGE-----
Chris H. wrote:
> I have the following trustpath
> > SubCA
> >> User1/2/3/etc.
> - RootCA signed the SubCA as a trusted introducer
> - SubCA signed the users
> If I'm now going to import the pub keys of the RootCA, SubCA,=
> the users and if I sign the RootCA as a Metaintroducer, all =
> other keys(SubCA, User1/2/3/etc.) should become valid. At =
> that's what it does with my PGP client.
> But if I import them into my GPG keyring I still have to sign
> every single key manually. Btw attached is the file with my
> I might be completely stupid but I can't get this to work. =
> signed the RootCA and trust it fully the other keys still =
> become valid although they're signed as stated above.
> What am I doing wrong?
The "Metaintroducer" signature that you made using PGP is not
exportable. IOW, when you import it into GPG, there is no =
from=20User1/2/3/etc. to RootCA in the file to import into GPG. =
if you imported it into User4 under PGP there would be no sig.
After importing it into GPG you need to sign RootCA using
"--lsign-key" which signs a key locally, IOW non-exportable.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (MingW32) - GPGrelay v0.92
-----END PGP SIGNATURE-----