Problem with keys

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Jan 16 17:54:33 CET 2013


On 01/16/2013 01:42 AM, Leo Treasure wrote:
> Thanks Hauke! I needed to use the main key to interface with a Bitcoin
> exchange mpex.co. I first exported my ascii armoured public key and sent
> it. For subsequent orders the exchange operator needs me to sign  with
> the same main key.

I note that your key 0x46EEEA4C06CD1637 is a bit unusual in that its
subkey is marked as signing-capable.  with the default gpg --gen-key
creation, the primary key is usually marked as capable for signing and
certification, and the subkey is marked as just encryption-capable.

how did you create this key?

Despite it being unusual, it's entirely reasonable and within the
OpenPGP spec to have a signing-capable subkey.

You should tell mpex.co that their system needs to support
signing-capable subkeys.

Feel free to point them to this discussion, and to encourage them to ask
here if they're unclear about what that means or how they might do so.

> I'm not sure if this is a normal use or not. Do you mean that the main
> key is offline so it is the private key?

no, your primary key is not offline unless you've taken steps to put it
offline (you would know if you had done so).  Hauke was making a
suggestion of something else you could do.

	--dkg


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1027 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20130116/16027d9b/attachment.pgp>


More information about the Gnupg-users mailing list