Question about how to secure the signing key
David Shaw
dshaw at jabberwocky.com
Wed Feb 4 22:35:11 CET 2009
On Wed, Feb 04, 2009 at 06:22:05PM -0300, Faramir wrote:
> Well, I was reading some old messages of this list (from 2004), and saw
> something about it would be possible to steal the public part of a
> signing subkey... the solution was:
>
> "The fix is fairly simple conceptually. Just have the signing subkey
> issue a signature on the primary key."
>
> And, since I made a signing subkey, I'd like to know if I need to do
> something to issue that signature, or if it was done automatically by
> gpg. The key was created using gpg 1.4.9, so maybe that problem was
> solved a lot of time ago... or maybe it still require some user
> action...
If the key was created with 1.4.9, the problem is already solved. As
of 1.4.3 (2006-04-03), GPG supports the necessary cross-certification.
You'd know if you had the problem - every time you verify a signature
from an unfixed key, you'll get a warning about a missing
cross-certification.
David
More information about the Gnupg-users
mailing list