GPG self signature missing error

Christoph Anton Mitterer christoph.anton.mitterer at
Mon Nov 23 13:33:07 CET 2009

On Mon, 2009-11-23 at 17:57 +0530, Rahul R wrote:
> then could you plz explain why it is not giving me any error on server
> B that has a gpg version 1.4?
I'm not sure, but it's likely that the older version did simply not
check for this.

Using a key with UIDs that are not signed by that key is dangerous, as
anybody could have attached such an UID to the respective key.
I could for example take your publich key, which has about the following
public key packet
UID packed
signature on the UID packet

...strip of the UID and signature packet and add my own (evil) UID. But
I cannot forge the signature on the UID, well not easily at least ;)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3387 bytes
Desc: not available
URL: </pipermail/attachments/20091123/85e6f828/attachment.bin>

More information about the Gnupg-users mailing list