How trust works in gpg...

David Shaw dshaw at
Thu Apr 24 18:16:44 CEST 2008

On Thu, Apr 17, 2008 at 01:00:23PM +0200, Werner Koch wrote:
> >> Regarding signing challenges; they are fine as along as a signing subkey
> >> is available.
> > This sounds interesting.
> > What would I now from a signing challenge? What is it exactly? Ask the
> > peer to sign my challenge?
> Right.
> > Any why wouldn't it work with the primary (signing) key.
> Because in my case that is off line and I would need to implement quite
> some code to take the signing challenge to the secure offline box with
> the primary key, sign that the challenge, copy the result back to a
> networked box and send it.  Yeah, it is possible to do but it does not
> make much sense to me.  A signing subkey would be easier.

A signing subkey doesn't really work here though.  A given signing
subkey can be attached to any number of keys, and still issue
signatures.  When a make a certification, I am signing the primary key
and a UID.  Thus the things I need to "prove" are that primary key and
that UID.  A signing subkey (or encryption) aren't really involved in


More information about the Gnupg-users mailing list