Is it possible to certify (sign) a key using a subkey?

Mario Castelán Castro marioxcc.MT at
Fri Aug 18 02:47:16 CEST 2017

On 17/08/17 18:49, Daniel Kahn Gillmor wrote:
> aiui, your main goal was because the certifications are smaller, but
> you're still requiring people to fetch your larger primary key.  if you
> want to really minimize the size, just make a new OpenPGP key that is
> ECDSA-only.

I have chosen RSA as a “known good” algorithm for the primary key
because if I chose a different curve or algorithm for elliptic key once
I have the required knowledge to make an informed decision it will be
more convenient to change only a subkey than to generate a new primary
key. For example, I can keep the signatures (certifications) that I
accumulate during that time on my key, supposing I have the opportunity
to go to a signing party.

Also, using a subkey for signing still has a size advantage. If you
have, say, 5 keys signed by my ECC subkey. there will be less size

Anyway, my question still stands: How can I enable the certificate
capability on a subkey with GPG?


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20170817/1eb0d6ef/attachment.sig>

More information about the Gnupg-users mailing list