Question about how to secure the signing key

David Shaw dshaw at jabberwocky.com
Wed Feb 4 22:35:11 CET 2009


On Wed, Feb 04, 2009 at 06:22:05PM -0300, Faramir wrote:
> Well, I was reading some old messages of this list (from 2004), and saw
> something about it would be possible to steal the public part of a
> signing subkey... the solution was:
> 
> "The fix is fairly simple conceptually.  Just have the signing subkey
> issue a signature on the primary key."
> 
>  And, since I made a signing subkey, I'd like to know if I need to do
> something to issue that signature, or if it was done automatically by
> gpg. The key was created using gpg 1.4.9, so maybe that problem was
> solved a lot of time ago... or maybe it still require some user
> action...

If the key was created with 1.4.9, the problem is already solved.  As
of 1.4.3 (2006-04-03), GPG supports the necessary cross-certification.

You'd know if you had the problem - every time you verify a signature
from an unfixed key, you'll get a warning about a missing
cross-certification.

David



More information about the Gnupg-users mailing list