Additional self-signature

David Shaw dshaw at jabberwocky.com
Fri May 27 02:01:44 CEST 2005


On Fri, May 27, 2005 at 02:07:27AM +0300, Oskar L. wrote:
> Werner wrote:
> > When importing a secret key into a keyring without a public key, a
> > public key is created from the secret key.  Due to historic reasons
> > the self-signature on the secret key is a different one than the one
> > created with the public key.  How when importing the public key a new
> > signature will be added and gpg is not able to detects this.  This
> > won't harm because the signatures are effectively identically although
> > not bit wise.
> 
> So why do I also get a second self-signature when I first import the
> public key and then the secret key? Surely some kind of secret key can't
> be created from the public key?

No, it's the other way around.  The public key can be created from the
secret key.  What you are seeing with the second self-signature is a
historical oddity.  In the past, keys were generated with two
different self-signatures - one on the secret key and one on the
public key.  You are just seeing them both.  Newer keys are generated
with a single self signature so you only see one.

> Also, when I delete secring.gpg, why is it recreated when I import a
> pubic key?

It's recreated empty as a placeholder.

David



More information about the Gnupg-users mailing list