How are primary key binding signatures (0x19) handled by gpg?

David Shaw dshaw at
Thu May 22 21:41:37 CEST 2014

On May 22, 2014, at 1:04 PM, martijn.list <martijn.list at> wrote:

> According to RFC 4880
> "For subkeys that can issue signatures, the subkey binding signature
> MUST contain an Embedded Signature subpacket with a primary key binding
> signature (0x19) issued by the subkey on the top-level key."
> The sub key of the following key (key ID 0549B8A5640444E6) is valid for
> signing (RSA Encrypt or Sign) but it does not contain a primary key
> binding signature:
> Enigmail tells me that the sub key is valid for signing. It might be
> that I misunderstand the requirement but it seems that in this case the
> key should not be used for signing since it lacks the primary key
> binding signature. I know that this requirement is relatively recent so
> it might be that for this key the current behaviour is for backward
> compatibility reasons. Is there some documentation on how GPG handles
> signing sub keys without a valid primary key binding signature?

When verifying a signature from a subkey without a 0x19 binding signature (aka "backsig"), you should get an error:

 WARNING: signing subkey XXXXXX is not cross-certified
 please see for more information

and the signature verification will fail.

If you own the key in question, you can add a backsig to it via "gpg --edit-key 0549B8A5640444E6" and then "cross-certify".


More information about the Gnupg-users mailing list