How trust works in gpg...
David Shaw
dshaw at jabberwocky.com
Thu Apr 24 18:16:44 CEST 2008
On Thu, Apr 17, 2008 at 01:00:23PM +0200, Werner Koch wrote:
> >> Regarding signing challenges; they are fine as long as a signing subkey
> >> is available.
> > This sounds interesting.
> > What would I know from a signing challenge? What is it exactly? Ask the
> > peer to sign my challenge?
>
> Right.
>
> > And why wouldn't it work with the primary (signing) key?
>
> Because in my case that is off line and I would need to implement quite
> some code to take the signing challenge to the secure offline box with
> the primary key, sign the challenge, copy the result back to a
> networked box and send it. Yeah, it is possible to do but it does not
> make much sense to me. A signing subkey would be easier.
A signing subkey doesn't really work here though. A given signing
subkey can be attached to any number of keys, and still issue
signatures. When I make a certification, I am signing the primary key
and a UID. Thus the things I need to "prove" are that primary key and
that UID. A signing subkey (or encryption) isn't really involved in
that.
David