Question about how to secure the signing key

David Shaw dshaw at
Wed Feb 4 22:35:11 CET 2009

On Wed, Feb 04, 2009 at 06:22:05PM -0300, Faramir wrote:
> Well, I was reading some old messages of this list (from 2004), and saw
> something about it would be possible to steal the public part of a
> signing subkey... the solution was:
> "The fix is fairly simple conceptually.  Just have the signing subkey
> issue a signature on the primary key."
>  And, since I made a signing subkey, I'd like to know if I need to do
> something to issue that signature, or if it was done automatically by
> gpg. The key was created using gpg 1.4.9, so maybe that problem was
> solved a lot of time ago... or maybe it still require some user
> action...

If the key was created with 1.4.9, the problem is already solved.  As
of 1.4.3 (2006-04-03), GPG supports the necessary cross-certification.

You'd know if you had the problem - every time you verify a signature
from an unfixed key, you'll get a warning about a missing


More information about the Gnupg-users mailing list