back signatures

Christoph Anton Mitterer cam at
Sun Nov 13 03:57:11 CET 2005


Took a while but now I've time to answer.

David Shaw wrote:

>>Ah,... I see,.. but is this problem only limited to signing subkeys? It 
>>should be, right? Because the primary is protected by the selfsigned 
>>user id? Or is there another reason? (just want to check if I'm slowly 
>>understand how all these things work :-D )
>Not exactly.  The problem is limited to signing subkeys because
>identity is attached to the primary key.  When you make a signature
>with your primary key, you're saying "key XXXX made this signature,
>and key XXXX is owned by Joe Smith".
How is a signature bound to the key that made the signature? Just by the 
encrypted hash (by encrypting with the private key of the signer) or 
does it contain information like fingerprint (of the signing key) or 
which UID was used, too?
I thougt it is like the following:
"key XXXX made this signature"
than I look at my pubring and see:
"i have a key XXXX" and "an UID YYYY is attached to it"

Or not?

>When you make a signature with a
>signing subkey, you're saying "key XXXX made this signature, and key
>XXXX is owned by key YYYY and key YYYY is owned by Joe Smith".
Same as above, I thought it would work the following:
"(sub)key WWWW made this signature"
than I look at my pubring and see:
"i have a subkey WWWW" and "an subkey is is bound by 0x18 to primary key 
than I look at my pubring and see:
"i have a key XXXX" and "an UID YYYY is attached to it"

Or not?

>The problem is that only key YYYY (the primary) asserts ownership of
>key XXXX (the signing subkey), which means that ZZZZ (someone elses
>primary) can come along and also assert ownership of XXXX.  The fix
>("back signatures") is to have XXXX assert posession by YYYY.  This
>foils ZZZZ since she cannot issue a signature from XXXX.
Yes,.. that was clear,.. btw: is there a special tag for backsignatures 

>>Is it correct that the primary has not directly a single self sig 
>>packet, but rather 0x13s are used therefor? If so,.. what is 0x1F 
>>(signature direct on key) used for? I thought this is used for primary 
>No, 0x13 (or 0x10, 0x11, 0x12) are used to sign a user ID and primary
>key together.  Historically, people call this "signing a key", but
>it's really signing a user ID + key.
Ok,.. in principle it was clear,.. I just thought, that 0x10-13 are used 
only for signing other user's keys.

>0x1F signatures are truly signing a key alone.
Can you give me an example where someone would do this? I mean what this 
is useful for?

>Yes, indeed.
I suggest that gpg should behave the following:
- suggest adding backsigs if it finds a private/public keypair without 
backsigs (most users won't notice the backsin command)
- of course warn a user if it finds signed data by a signing subkey 
which don't have backsigs. I'd even go so far to say that gpg should 
tell that the sig is invalid at all.

Take care,
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cam.vcf
Type: text/x-vcard
Size: 449 bytes
Desc: not available
Url : /pipermail/attachments/20051113/afd5a98d/cam-0001.vcf

More information about the Gnupg-users mailing list