Key Signing, Subkeys
David Shaw
dshaw at jabberwocky.com
Sat Sep 1 15:16:30 CEST 2007
On Sat, Sep 01, 2007 at 12:39:54PM +0200, g_k at gmx.at wrote:
> Hi!
>
> I'm new to GnuPG and have 2 questions regarding key signing I didn't find
> answers for in the documentation:
>
> 1) Somebody signs my public key, and this "new version" containing
> that additional signature is uploaded to a keyserver. (Am I right so
> far?) How do others that already had my public key before that
> signature get the new version? How do they know there is a new one?

Most people poll for updates occasionally (e.g. "gpg --refresh").
There is no notification method.

> 2) When I have a master key, and a subkey for everyday usage, I
> don't lose all the signatures on the master key if the subkey is
> revoked or expires, since the new subkey will be signed by the
> master key.

True.

> This implies using only the master key for signing.

Not necessarily true. You can use a subkey for signing if you like.
In this usage, the master key is only used for signing other keys
(whether your own subkeys or other people's keys).

> Now, if someone signs my master key, how will this be reflected on
> the subkey? Do I have to generate a new subkey every time someone
> signs my master key in order that the new signature affects the
> subkey?

No. The trust calculations are between master keys and user IDs
(people don't sign a master key - they sign a master key and user ID).
Subkeys just go along for the ride.

David
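
Added example, not part of the original message: a short Python parser that attaches each signature in a `gpg --list-sigs --with-colons` style listing to the record it follows, showing that a third-party certification sits on the user ID while subkeys carry only the master key's own binding or revocation signatures. The listing, key IDs and names are constructed for illustration, and the function names are hypothetical.

```python
# Constructed sample in the `gpg --list-sigs --with-colons` record layout
# (key IDs and names are made up). Field 5 = key ID, 10 = user ID, 11 = sig class.
SAMPLE = """\
pub:u:4096:1:AAAAAAAAAAAAAAA1:1188600000:::u:::cSC:
uid:u::::1188600000::HASH::Alice Example <alice@example.org>:
sig:::1:AAAAAAAAAAAAAAA1:1188600000::::Alice Example <alice@example.org>:13x:
sig:::1:BBBBBBBBBBBBBBB2:1188650000::::Bob Example <bob@example.org>:10x:
sub:r:2048:1:CCCCCCCCCCCCCCC3:1188600000::::::s:
sig:::1:AAAAAAAAAAAAAAA1:1188600000::::Alice Example <alice@example.org>:18x:
rev:::1:AAAAAAAAAAAAAAA1:1188690000::::Alice Example <alice@example.org>:28x:
sub:u:2048:1:DDDDDDDDDDDDDDD4:1188700000::::::s:
sig:::1:AAAAAAAAAAAAAAA1:1188700000::::Alice Example <alice@example.org>:18x:
"""

CERTIFICATION = {"10", "11", "12", "13"}   # signatures over master key + user ID

def attach_signatures(listing):
    """Return (master key ID, [object dicts]) with each sig/rev record
    attached to the uid or sub record it follows in the listing."""
    master, current, objects = None, None, []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            master, current = f[4], None
        elif f[0] in ("uid", "sub"):
            name = f[9] if f[0] == "uid" else f[4]
            current = {"type": f[0], "name": name, "sigs": []}
            objects.append(current)
        elif f[0] in ("sig", "rev") and current is not None:
            current["sigs"].append((f[4], f[10][:2]))  # (signer key ID, class)
    return master, objects

def third_party_certifications(listing):
    """Map each user ID / subkey to certifications made by keys other than the master."""
    master, objects = attach_signatures(listing)
    return {o["name"]: [k for k, c in o["sigs"] if c in CERTIFICATION and k != master]
            for o in objects}

if __name__ == "__main__":
    for name, signers in third_party_certifications(SAMPLE).items():
        print(f"{name}: {signers}")
```

In the constructed listing the first subkey is revoked and a second one replaces it; Bob's certification is unaffected because it was never attached to either subkey.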