Add sign key only?

Ben McGinnes ben at
Sat Dec 11 22:59:43 CET 2010

On 12/12/10 8:51 AM, David Shaw wrote:
> On Dec 11, 2010, at 4:42 PM, Ben McGinnes wrote:
>> Cool.  What difference (if any) does this make to the
>> generation/export of the public key?  And, more to the point, is it
>> best to provide a public key block generated without the presence of
>> the primary key or not?
> No difference.  The public key is completely separate from the
> private key in this regard, so it makes no difference if the primary
> key is present or not.

Makes sense.

>> Cool.  Now that I think about it, anyone needing to check a signature
>> one added to their key would need a public key that included data from
>> the primary key.  Did I just answer my own question?
> They'd need the public half of the primary key, but that's part of
> your public key.  The --export-secret-subkeys trick doesn't touch
> the public key (no point - it's public), so anyone who wants to
> check a key signature can do that.

Excellent.  I think that between this and the key transition thread,
all my questions have been answered.  :)

Thanks very much and also to everyone who dived into the other thread.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20101212/4032f400/attachment.pgp>

More information about the Gnupg-users mailing list