Does a secret key need to be signed?

David Shaw dshaw at jabberwocky.com
Tue Jan 17 17:14:47 CET 2006


On Tue, Jan 17, 2006 at 01:32:54AM -0700, Kurt Fitzner wrote:
> I recently exported my key pair from GnuPG and imported it into PGP in
> order to get the user ids balanced between my public and secret keys.
> When I pulled the key pair back into GnuPG, I noticed that my secret key
> is now much smaller.  I did a --list-packets and found that the secret
> key is missing self-signatures.
> 
> My question is, does a secret key actually need to be signed?

No, a secret key does not need to be self-signed.  The self-signatures
from the public key are the ones that matter.  When self-signing,
GnuPG does put the selfsigs on both the secret and public key as a
convenience: when importing a secret key, GPG can then create a public
key from the secret key automatically.

David
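
The --list-packets comparison from the question, as an added example that is not part of the original thread or of GnuPG: a small Python walker over OpenPGP packet headers that counts the signature packets following each user ID in a key export. All names and sample bytes are hypothetical. It counts any signature packet after a user ID, without checking the issuer or verifying anything.

```python
# Added example (hypothetical names): walk OpenPGP packet headers (RFC 4880, 4.2).
def list_packets(data):
    """Return [(tag, body)] for a binary (non-armored) OpenPGP packet stream."""
    out, i = [], 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:  # new format: tag in bits 5-0
            tag, first = hdr & 0x3F, data[i + 1]
            if first < 192:
                length, i = first, i + 2
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 2] + 192, i + 3
            elif first == 255:
                length, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
            else:
                raise ValueError("partial body lengths not handled")
        else:  # old format: tag in bits 5-2, length type in bits 1-0
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not handled")
            n = (1, 2, 4)[ltype]
            length, i = int.from_bytes(data[i + 1:i + 1 + n], "big"), i + 1 + n
        if i + length > len(data):
            raise ValueError("truncated packet")
        out.append((tag, data[i:i + length]))
        i += length
    return out

def sigs_per_uid(data):
    """Count signature packets (tag 2) that follow each user ID (tag 13)."""
    counts, current = {}, None
    for tag, body in list_packets(data):
        if tag == 13:
            current = body.decode("utf-8", "replace")
            counts[current] = 0
        elif tag == 2 and current is not None:
            counts[current] += 1
        elif tag != 2:
            current = None  # key or subkey packet: later sigs are not on a UID
    return counts

def pkt(tag, body):  # constructed sample packet, new format, body < 192 bytes
    return bytes([0xC0 | tag, len(body)]) + body
# Placeholder bodies below are constructed, not real key material.
UID = b"Alice Example <alice@example.org>"
WITH_SIG = pkt(5, b"\x00" * 8) + pkt(13, UID) + pkt(2, b"\x00" * 8)
WITHOUT_SIG = pkt(5, b"\x00" * 8) + pkt(13, UID)
```

A secret key export whose user IDs all show a count of 0 matches the situation in the question: the secret key packets are intact and only the signature packets are absent.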


