Is self-signing necessary? Basic questions.

David Shaw dshaw at
Sun Jan 2 16:01:35 CET 2011

On Jan 2, 2011, at 7:27 AM, MFPA wrote:

> Hash: SHA512
> Hi
> On Sunday 2 January 2011 at 5:05:06 AM, in
> <mid:497685A4-E286-455B-AA00-26C3265059EB at>, David Shaw
> wrote:
>> There is a way to sign a key alone, without signing any
>> user IDs.  Nobody supports it for 3rd party signatures
>> like these.
> That brings two questions to my mind.
> 1. How would you do that with GnuPG; it prompts to select user IDs?

You can't.  Like I said, nobody supports it.  Non-owner use of the direct key signature is one of those odd corners in OpenPGP that is needed in the spec to cover all possible cases, but is not needed in reality since nobody uses it.  It would break the current model of the WoT, which is another knock against it.

The only significant use of the direct-key signature is for key owners to add designated revokers to their key.  Designated revokers are carried in a subpacket on a direct key signature.

> 2. What statement would such a signature actually be making?

Only that which is contained inside the signature subpackets of the signature itself.  For example, if someone wanted to attach a notation to the key.


More information about the Gnupg-users mailing list