Certification-only key

David Shaw dshaw at jabberwocky.com
Mon Sep 5 19:46:07 CEST 2005

On Mon, Sep 05, 2005 at 04:41:40PM +0200, Lionel Elie Mamane wrote:
> Hi,
> I tried to generate an RSAv4 certification-only key with GnuPG, but
> failed, even in "expert mode".
> What I mean is a primary key that can be used to attach a subkey to
> it, or _maybe_ also to sign UserIDs of other keys (for the Web of
> Trust). But not for data signatures. As I understand the RFC, I want a
> primary key with key flags 0x01 (or maybe even 0x00?).

It would be 0x01.  0x00 is not meaningful in PGP since that would mean
"key with no capabilities".  The standard requires that all primary
keys must be able to certify.  Even if the 0x01 bit is not set by the
user, primary keys can certify.

> But GnuPG only presents me with three "bits" to flip:
>  - signature, which seems to set key flag 0x03
>  - encryption, which seems to set key flag 0x0C
>  - authentication, which seems to set flag 0x21
> I tried turning all three bits off, but then the key doesn't have a
> key flags subpacket (packet 27) at all and seems to be treated by
> GnuPG as a "everything is allowed" key.
> Is this impossible with GnuPG? Is it a bad idea? Why? Do I
> misunderstand the RFC?

It's not impossible - 1.4.3 (not released yet) supports certify-only
keys like you want.  It's not necessarily a good idea though: some
people before agreeing to sign a key will ask for a signed message to
prove that you "own" the secret portion of the key they are about to
sign.  Without the ability to sign, such a signature is hard to

Why do you want such a key?


More information about the Gnupg-users mailing list