Add sign key only?
Ben McGinnes
ben at adversary.org
Sat Dec 11 22:59:43 CET 2010
On 12/12/10 8:51 AM, David Shaw wrote:
> On Dec 11, 2010, at 4:42 PM, Ben McGinnes wrote:
>>
>> Cool. What difference (if any) does this make to the
>> generation/export of the public key? And, more to the point, is it
>> best to provide a public key block generated without the presence of
>> the primary key or not?
>
> No difference. The public key is completely separate from the
> private key in this regard, so it makes no difference if the primary
> key is present or not.

Makes sense.

>> Cool. Now that I think about it, anyone needing to check a signature
>> one added to their key would need a public key that included data from
>> the primary key. Did I just answer my own question?
>
> They'd need the public half of the primary key, but that's part of
> your public key. The --export-secret-subkeys trick doesn't touch
> the public key (no point - it's public), so anyone who wants to
> check a key signature can do that.

Excellent. I think that between this and the key transition thread,
all my questions have been answered. :)

Thanks very much and also to everyone who dived into the other thread.

Regards,
Ben
More information about the Gnupg-users mailing list