Invalid cross certification?

Werner Koch wk at
Tue Apr 8 18:44:06 CEST 2008

On Tue,  8 Apr 2008 17:35, rjh at said:

> 1.  If 1.4.9 and 2.0.9 use the same crypto code for OpenPGP, why is
> there this difference in functionality?

I did a quick check and I can't find a difference in the code.  Do
youuse the same config file?  Note that gpg tries to read a gpg.conf-2
file first.  If David has no other idea, I'd ask you to send me that
test signature.

> 2.  How is it possible to put an 0x19 signature on the primary key from
> the subkey, in order to get rid of this error message?

I am not sure whether this works.  We probably never tested the case
to rectify an invalid cross-signature:

    (en)If you have been pointed to this page by someone who received
        a warning when verifying one of your signatures, your key does
        not contain a subkey cross-certification.  You can easily add
        this cross-certification using GnuPG 1.4.3 or later.  To do
        this, simply run "gpg --edit-key (yourkey)" and then enter
        "cross-certify".  You'll need to type your passphrase, and
        GnuPG will add the necessary cross-certification.  Once this
        is done, you should distribute your key however you like (send
        it to a keyserver, post on a web page, etc).  If you have
        already done this and people are still receiving the warning,
        make sure they have updated their copy of your key from the
        keyserver or web page.



Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.

More information about the Gnupg-users mailing list