Is it possible to certify (sign) a key using a subkey?

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Aug 18 01:49:23 CEST 2017


On Thu 2017-08-17 07:42:06 -0500, Mario Castelán Castro wrote:
> No, it does not have the certify capability. How can I enable this
> capability?

I recommend re-considering this approach, because there is likely to be
software out there that:

 (a) doesn't expect to see certifications from subkeys at all, or
 
 (b) can't handle ECDSA

aiui, your main goal was because the certifications are smaller, but
you're still requiring people to fetch your larger primary key.  if you
want to really minimize the size, just make a new OpenPGP key that is
ECDSA-only.  That will still leave you on the outs with people using
software in the (b) category, but you won't have to worry about the (a)
category of software at all, and you will decrease the size of the
necessary transfered data even further.

          --dkg



More information about the Gnupg-users mailing list