How are primary key binding signatures (0x19) handled by gpg?
David Shaw
dshaw at jabberwocky.com
Thu May 22 21:41:37 CEST 2014
On May 22, 2014, at 1:04 PM, martijn.list <martijn.list at gmail.com> wrote:
> According to RFC 4880
>
> "For subkeys that can issue signatures, the subkey binding signature
> MUST contain an Embedded Signature subpacket with a primary key binding
> signature (0x19) issued by the subkey on the top-level key."
>
> The sub key of the following key (key ID 0549B8A5640444E6) is valid for
> signing (RSA Encrypt or Sign) but it does not contain a primary key
> binding signature:
>
> http://pgp.mit.edu/pks/lookup?search=0x0549B8A5640444E6&op=index
>
> Enigmail tells me that the sub key is valid for signing. It might be
> that I misunderstand the requirement but it seems that in this case the
> key should not be used for signing since it lacks the primary key
> binding signature. I know that this requirement is relatively recent so
> it might be that for this key the current behaviour is for backward
> compatibility reasons. Is there some documentation on how GPG handles
> signing sub keys without a valid primary key binding signature?
When verifying a signature from a subkey without a 0x19 binding signature (aka "backsig"), you should get an error:
WARNING: signing subkey XXXXXX is not cross-certified
please see http://www.gnupg.org/faq/subkey-cross-certify.html for more information
and the signature verification will fail.
If you own the key in question, you can add a backsig to it via "gpg --edit-key 0549B8A5640444E6" and then "cross-certify".
David
More information about the Gnupg-users
mailing list