Is it possible to sign a key again after revoking a signature?

Philip Jägenstedt philip at foolip.org
Fri Aug 2 07:17:58 CEST 2013


Hi all,

I'm new to GnuPG and have probably been a little too ambitious for my
own good. I originally signed key AB4DFBA4 at level 3 after a meetup,
but was later paranoid that I was too lax and wanted to resign it at
level 2, but did the resigning (by deleting the first signature locally)
and revoking in the wrong order, and left my signature simply revoked.

After some tinkering I arrived at
<http://foolip.org/2013/08/02/signing-policy/> and now want to sign the
key again at level 3, but want to make sure I don't make a mess of it
again. The problem:

When I try to sign the key using gpg --edit-key, I'm told that (twice)
that the key "was already signed by key 9DC6C210" and that there's
"Nothing to sign with key 9DC6C210."

The first time I bypassed this didn't turn out great, so can someone
confirm to me that my (3) existing signatures locally, signing again and
then syncing with the keyserver will leave this is in a state where my
signature will be considered valid, in spite of an earlier revoke on the
same key?

As a side note, the interaction with revsig at the point where I had
made two signatures tricked me into thinking that it was possible to
revoke only one of them, since it asked for both of them separately.
Should I file a bug for this, or is it intentional? Also, since gpg
apparently doesn't really want one to make multiple signatures on the
same key, maybe it should warn when trying to upload a signature when
there's already one on the keyserver, but not locally?

/ Philip
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: </pipermail/attachments/20130802/d8e53424/attachment.sig>


More information about the Gnupg-users mailing list