subkeys and key flags

Peter Palfrader at
Sun Nov 30 18:36:14 CET 2003

I noticed that GnuPG used to sign other keys using subkeys, at least
with ElGamal sign and encrypt subkeys[1].

What semantics does a lack of key flags[2] have?  Does it mean that the
(sub)key is good for all purposes, including certifying other keys?

If yes, how do I create a signing subkey that only may be used to sign
data/communications?  Is it possible to ammend the keyflags by adding a
new self signature to a subkey?  (I suppose so, if yes, how do I do it?)

Am I correct when thinking that a subkey that may be used to certify
other keys may not be used to sign subkeys?  iow: is the primary key the
only one that can bind subkeys to the primary key?

Looking forward to your answers,
 1: for instance 2F6DD073 signed 94C09C7F.
 2: RFC2440:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : /pipermail/attachments/20031130/3f88be49/attachment.bin

More information about the Gnupg-users mailing list