Signature has algorithms

David Shaw dshaw at jabberwocky.com
Mon Dec 19 20:34:56 CET 2005


On Wed, Dec 14, 2005 at 07:02:35PM +0100, Topas wrote:
> David Shaw wrote:
> 
> >The procedure you give above will put new self signatures on the key.
> >You can't recreate old ones, but you can delete them.  Note that if
> >you have your key on a keyserver, the old self-sigs will come back
> >since the keyserver (or really anyone else who has a copy of your
> >current key) doesn't delete the old self-sigs.
> > 
> >
> Oh I forgot a little detail,.. =)
> It was clear to me that I get new selfsigs on the primarykey/userid when 
> changing settings (like preferred algorithms, etc.) and it is also clear 
> to me that the older selfsigs will return from the keyserver (but they 
> should be ignored by other users due to the older creation time).
> 
> What I wanted to know was: How can I get new subkey binding sigs for my 
> subkey (new: with more recent creation time, and of course with the 
> "better" hash algorithm)?

You can't, without hacking GPG to do it.  It's easier to just make a
new subkey.

> It would be better to wait with doing this until gpg understands 
> backsigs, right?
> 
> btw: Do encryption keys get backsigs, too? If not why not?

No.  Backsigs are not really meaningful for encryption keys.  Backsigs
protect against a particular attack (someone claiming your signing is
theirs) that isn't relevant to encryption keys - if someone stole an
encryption key, they might try and claim they owned it, but that
doesn't mean much as they couldn't read anything encrypted to it.

I'm vaguely toying with the idea of including backsigs for encryption
keys with an algorithm that can at least issue signatures (i.e. RSA),
since it doesn't hurt and might be marginally useful, but this
couldn't be a general thing since not all encryption algorithms can
sign (i.e. Elgamal).

David
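
The distinction drawn in the reply above (backsigs matter for signing subkeys, not for encryption subkeys) can be checked structurally. The following is an added example, not part of the original message and not GnuPG code: it parses a v4 subkey binding signature body using the constants from the OpenPGP specification (RFC 4880) and reports signing-capable subkeys whose binding carries no embedded primary key binding signature. The helper names and the sample bytes are constructed for illustration, and no signature is verified cryptographically.

```python
import struct

# Constants from the OpenPGP specification (RFC 4880).
SIG_SUBKEY_BINDING, SIG_PRIMARY_BINDING = 0x18, 0x19   # 0x19 is the "backsig"
SP_KEY_FLAGS, SP_EMBEDDED_SIG, FLAG_SIGN = 27, 32, 0x02

def subpackets(area):
    """Yield (type, body) for each subpacket in a v4 subpacket area."""
    i = 0
    while i < len(area):
        n, i = area[i], i + 1
        if 192 <= n < 255 and i < len(area):            # two-octet length
            n, i = ((n - 192) << 8) + area[i] + 192, i + 1
        elif n == 255 and i + 4 <= len(area):           # five-octet length
            n, i = struct.unpack(">I", area[i:i + 4])[0], i + 4
        if n == 0 or i + n > len(area):
            raise ValueError("malformed subpacket area")
        yield area[i] & 0x7F, area[i + 1:i + n]         # mask off the critical bit
        i += n

def parse_v4_sig(body):
    """Return (sig_type, hashed_subpackets, unhashed_subpackets)."""
    if len(body) < 8 or body[0] != 4:
        raise ValueError("not a v4 signature packet body")
    u = 6 + struct.unpack(">H", body[4:6])[0]           # end of hashed area
    if u + 2 > len(body):
        raise ValueError("truncated hashed area")
    end = u + 2 + struct.unpack(">H", body[u:u + 2])[0]
    if end > len(body):
        raise ValueError("truncated unhashed area")
    return body[1], list(subpackets(body[6:u])), list(subpackets(body[u + 2:end]))

def missing_backsig(binding):
    """True when a signing-capable subkey binding has no embedded 0x19 signature."""
    sig_type, hashed, unhashed = parse_v4_sig(binding)
    if sig_type != SIG_SUBKEY_BINDING:
        raise ValueError("not a subkey binding signature")
    can_sign = any(t == SP_KEY_FLAGS and b and b[0] & FLAG_SIGN for t, b in hashed)
    backsig = any(t == SP_EMBEDDED_SIG and parse_v4_sig(b)[0] == SIG_PRIMARY_BINDING
                  for t, b in hashed + unhashed)
    return can_sign and not backsig

# Constructed sample data: structurally valid bodies with placeholder signature values.
def sub(t, body):
    return bytes([len(body) + 1, t]) + body

def sig(sig_type, hashed=b"", unhashed=b""):
    return (bytes([4, sig_type, 1, 2]) + struct.pack(">H", len(hashed)) + hashed +
            struct.pack(">H", len(unhashed)) + unhashed + b"\x00\x00\x00\x01\x01")

SIGN_NO_BACKSIG = sig(0x18, sub(27, b"\x02"))
SIGN_WITH_BACKSIG = sig(0x18, sub(27, b"\x02"), sub(32, sig(0x19)))
ENCRYPT_ONLY = sig(0x18, sub(27, b"\x0c"))
```

The check relies on the key flags subpacket being present in the hashed area; a binding signature without one is treated here as not signing-capable, which is an assumption of this example.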


