Singing a key with a subkey

David Shaw dshaw at
Wed Apr 8 05:02:31 CEST 2009

On Apr 7, 2009, at 10:54 AM, Brian Mearns wrote:

> I've exported a crippled version of my private keyset for use at
> work...I did not include the primary/master key in the export, only a
> signing subkey and an encryption subkey. Now I've imported them on a
> different system and want to sign a co-workers key with the subkey,
> but gpg complains that:
> gpg: secret key parts are not available
> gpg: signing failed: general error
> I'm able to sign files using the subkey (on the same system), so I'm
> not clear why I wouldn't be able to sign a key with it as well. Is
> there something I'm missing, is there a way around this, or is there
> something fundamental about this limitation?

Fundamental.  The OpenPGP web of trust is built from signatures from  
primary keys.  Signing a key with a subkey (which can belong to more  
than one primary) does not make sense in this context.


More information about the Gnupg-users mailing list