Question about key fingerprint

Werner Koch wk at
Fri Aug 10 14:19:21 CEST 2012

On Fri, 10 Aug 2012 11:49, at said:

> Is the entire GnuPG key block (including subkeys and owner informations)
> signed by the master key ?

Not directly.  Only certain packets are signed.  If you look at the
figure below the straight lines on the right mark stuff which is signed.
(The dotted parts not included in the signed stuff).

-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-cert.svg
Type: image/svg+xml
Size: 8197 bytes
Desc: not available
URL: </pipermail/attachments/20120810/a35e6ceb/attachment.svg>
-------------- next part --------------

For example the first self-signature signs the Primary Public Key Packet
concatenated with the User ID packet (heinrichh at  The
key signatures from Alice and Bob do the same.  The key binding
signature at the bottom is done by signing the Primary Public Key packet
concatenated with the Secondary Public Key packet.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-users mailing list