Is self-signing necessary? Basic questions.

David Shaw dshaw at
Sun Jan 2 22:07:57 CET 2011

On Jan 2, 2011, at 2:43 PM, Daniel Kahn Gillmor wrote:

> On 01/02/2011 10:01 AM, David Shaw wrote:
>> The only significant use of the direct-key signature is for key owners
>> to add designated revokers to their key.  Designated revokers are carried
>> in a subpacket on a direct key signature.
> I think a revocation certificate (that is, revoking the primary key, not
> just revoking a given User ID or subkey) is also implemented as a
> direct-key signature.

No, a revocation certificate is its own sort of signature.  Unlike a direct key signature where various pieces of meaning are carried as subpackets, a revocation signature carries the revocation meaning inherently.  (Signature class 0x1F vs class 0x20).


More information about the Gnupg-users mailing list