Does a secret key need to be signed?
David Shaw
dshaw at jabberwocky.com
Tue Jan 17 17:14:47 CET 2006
On Tue, Jan 17, 2006 at 01:32:54AM -0700, Kurt Fitzner wrote:
> I recently exported my key pair from GnuPG and imported it into PGP in
> order to get the user ids balanced between my public and secret keys.
> When I pulled the key pair back into GnuPG, I noticed that my secret key
> is now much smaller. I did a --list-packets and found that the secret
> key is missing self-signatures.
>
> My question is, does a secret key actually need to be signed?
No, a secret key does not need to be selfsigned. The self-signatures
from the public key are the ones that matter. When self-signing,
GnuPG does put the selfsigs on both the secret and public key as a
convenience: when importing a secret key, GPG can then create a public
key from the secret key automatically.
David
More information about the Gnupg-users
mailing list