Is it possible to create additional signatures for subkeys?

Hauke Laging mailinglisten at
Wed Nov 7 03:58:16 CET 2012


subject says it all...

UIDs can be revoked and reactivated by a newer signature. But I have not found 
a way to create new signatures for subkeys. There are at least two reasons to 
do that:

1) Like with UIDs, correcting an unwanted revocation.

2) What really happened to me: The subkey signature can have unwanted 
components (caused by --cert-notation).

Technically I do not see a difference between UIDs ans subkeys which would 
explain this asymmetry. But gpg offers to create new signatures for UIDs but 
seems not to offer that for subkeys (the same for signature deletion).

There is also no equivalent to --allow-non-selfsigned-uid for subkeys. I used 
gpgsplit to get rid of the revocation signature. But this is of no use if the 
revocation signature has escaped into the public. I also stripped off the 
subkey self-signature but then the subkey does not get imported at all (I had 
hoped for a repair option).

I have to admit that I have not checked the RfC. Does it prevent the existence 
of several subkey signatures? Or is there no fundamental reason against this 
but due to lack of demand this has not been implemented?

PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (seit 2012-11-04)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 572 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20121107/70586c15/attachment.pgp>

More information about the Gnupg-users mailing list