Possible bug: addkey can create certifying subkey
Werner Koch
wk at gnupg.org
Tue Sep 1 09:45:49 CEST 2009
On Mon, 31 Aug 2009 19:24, jh at jameshoward.us said:
> I am not sure if this is a bug, but given the documentation it is not
> the expected behavior. I created new keys this weekend, due to a lost
> USB drive. Replicating it here, if you specify --expert and create a
> RSA subkey with all the options off, it will create a subkey with all
> the options, including certification turned on. Here's a slightly
That is perfectly okay. If you want to set the key flag for
certification on a subkey, gpg allows you to do so. The OpenPGP
standard does not restrict this.
Note that despite a subkey carrying this flag, OpenPGP (and thus gpg)
will always use the primary key for certification of user-ids and other
subkeys (binding signatures) and for certifying other keys (key
signatures).
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.
More information about the Gnupg-users
mailing list