subkeys and key flags

David Shaw dshaw at
Sun Nov 30 16:11:31 CET 2003

On Sun, Nov 30, 2003 at 06:36:14PM +0100, Peter Palfrader wrote:
> I noticed that GnuPG used to sign other keys using subkeys, at least
> with ElGamal sign and encrypt subkeys[1].
> What semantics does a lack of key flags[2] have?  Does it mean that the
> (sub)key is good for all purposes, including certifying other keys?

Yes and no.  There is nothing banning subkeys certifying other keys in
2440, but at the same time, this is not a meaningful statement of
validity in the commonly used trust models.  GnuPG did do it
accidentally in the past for a release or two.  It hasn't done this in
a long time.

A lack of key flags means that the key may be used for whatever the
algorithm can support.  So, for example, an RSA type 1 key without key
flags is effectively a sign+encrypt key.

> If yes, how do I create a signing subkey that only may be used to sign
> data/communications?

A signing subkey has the appropriate key flags set for signing data
and communications at generation time.  The certification flag is not

> Is it possible to ammend the keyflags by adding a new self signature
> to a subkey?  (I suppose so, if yes, how do I do it?)

In theory it's doable, but GnuPG does not provide a means to do it.
You'd have to hack the source.

> Am I correct when thinking that a subkey that may be used to certify
> other keys may not be used to sign subkeys?  iow: is the primary key the
> only one that can bind subkeys to the primary key?


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 330 bytes
Desc: not available
Url : /pipermail/attachments/20031130/1466a8d8/attachment.bin

More information about the Gnupg-users mailing list