Additional self-signature

David Shaw dshaw at
Fri May 27 14:45:55 CEST 2005

On Fri, May 27, 2005 at 10:06:12AM +0300, Oskar L. wrote:
> "David Shaw" <dshaw at> wrote:
> > No, it's the other way around.  The public key can be created from the
> > secret key.  What you are seeing with the second self-signature is a
> > historical oddity.  In the past, keys were generated with two
> > different self-signatures - one on the secret key and one on the
> > public key.  You are just seeing them both.  Newer keys are generated
> > with a single self signature so you only see one.
> Thanks for your anwser, but I'm a bit confused now about what exactly you
> mean by "in the past" and "newer keys", since this is happening even
> though I'm using the current version (1.4.1, Debian package), and the
> keypair was also generated using the same version.

"Newer keys" is 1.4.2 and later.  I'm sorry I didn't make that clear.

> "Werner Koch" <wk at> wrote:
> > It has been fixed in the CVS when creating new keys.  How only one
> > self-signature is created and used verbatim also for the secret key.
> > This will go into 1.4.2.
> Will 1.4.2 also be able to fix the signatures on older keys?

There is no need to.  The extra signature is harmless (it's a
signature issued by you, on your own key after all).  If it really
bothers you, you can use --edit-key and 'delsig' to delete one of them
(it doesn't matter which one).

I'm working on a general solution for extra signatures and what to do
with them, but it's important to note that this is mainly an aesthetic
problem.  The key will work just fine, and there is no weakness in
having extra signatures.  Some people just don't like extra
signatures, and when you get into things like the Global Directory,
you can have a LOT of extra signatures.


More information about the Gnupg-users mailing list