trust your corporation for keyowner identification?

Paul R. Ramer free10pro at
Mon Nov 4 22:44:51 CET 2013

MFPA <expires2013 at> wrote:
>Why do we need to establish they can also sign? Isn't it enough to
>demonstrate they control the email address and can decrypt, by signing
>one UID at a time and sending that signed copy of the key in an
>encrypted email to the address in that UID?

You are right.  Decryption is sufficient to demonstrate control of the private key, because if he can decrypt, he can also sign.  What I said, "decrypt and sign," was redundant.


PGP: 3DB6D884

More information about the Gnupg-users mailing list