self signed keys
mailinglisten at hauke-laging.de
Wed Aug 14 16:10:19 CEST 2013
Am Mi 14.08.2013, 09:55:41 schrieb Henry Hertz Hobbit:
> There is no such requirement. Your own keys are trusted
> automatically with ultimate trust when you create them. You
> can stop reading now.
This sounds like the usual mix-up of (certification) trust and validity.
> You do not not need to sign your own key. The reason why is
> because when you generate your key, it has an entry for it
> that is automatically added to the trustdb with ULTIMATE trust.
I just checked that. Surprisingly gpg shows non-selfsigned UIDs of ultimately
trusted keys as valid. Doesn't make sense IMHO (as trust refers to the mainkey
itself and not to the UIDs) but this is a very special case thus I am not sure
whether this behaviour is intentional or rather coincidental.
But: What is the argument for not self-signing a key?
> If it wasn't this way then you would have a chicken versus egg
> problem. You couldn't sign or lsign anybody else's key
> using your private / secret key because your own key wasn't
You could. You just wouldn't make them valid by it. :-) (unless they are
valid by other means and have marginal or complete trust).
> If you cannot trust yourself to be yourself then maybe you have
> MPD and need an eminent brain specialist's help.
One more mix-up of validity (=to "be" someone) and trust (assumes quality of
certifications). You may create an unsecure test key (quite probably that you
already have). There is absolutely no reason to assign positive certification
trust to an insecure key, no matter how sure you are about the identity of the
Crypto für alle: http://www.openpgp-schulungen.de/fuer/bekannte/
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 572 bytes
Desc: This is a digitally signed message part.
More information about the Gnupg-users