Singing a key with a subkey
David Shaw
dshaw at jabberwocky.com
Wed Apr 8 05:02:31 CEST 2009
On Apr 7, 2009, at 10:54 AM, Brian Mearns wrote:
> I've exported a crippled version of my private keyset for use at
> work...I did not include the primary/master key in the export, only a
> signing subkey and an encryption subkey. Now I've imported them on a
> different system and want to sign a co-workers key with the subkey,
> but gpg complains that:
>
> gpg: secret key parts are not available
> gpg: signing failed: general error
>
> I'm able to sign files using the subkey (on the same system), so I'm
> not clear why I wouldn't be able to sign a key with it as well. Is
> there something I'm missing, is there a way around this, or is there
> something fundamental about this limitation?
Fundamental. The OpenPGP web of trust is built from signatures from
primary keys. Signing a key with a subkey (which can belong to more
than one primary) does not make sense in this context.
David
More information about the Gnupg-users
mailing list