Hi Adam,

2011/11/8 Adam <[email protected]>:
> when creating a new key, gpg2 creates a selfsig and a subkey which is
> selfsigned as well. Why does it do so? Why not create just a plain key
> without subkey and selfsig?

gpg2 (and gpg 1 as well) by default creates a 'certificate' with two keys, one for signing/certifying and the other for encryption. Actually, this 'certificate', composed of a master signing key and an encryption subkey, is what is generally called a 'key'.

There are some reasons behind this choice; I think the main one is that it's safer to manage different keys for different needs. You can have only a signing key for authenticating the messages you send and, at the same time, have more than one encryption key to enhance your security. You can, for instance, revoke an encryption key if you think it's compromised, or if you want to change it because it's superseded, or for whatever reason you want... while keeping your signing one working, validating what you sign, independently.

About the self-signature: your 'certificate' is an association between your cryptographic keys and your identities. The self-signature is what makes this 'magic' work, thus binding the two in a strong and verifiable relationship. Without it, someone could, for example, add other uids to your key without any problem, and it could be dangerous for the whole functioning of the web of trust. There's also a 'key-binding signature' between your master key and your subkeys, for the same important reason.

Hope it helps. :-)

Simone
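The binding described in the message above can be checked structurally. This is an added example, not part of the original message or of GnuPG: it walks the packets of a certificate (RFC 4880 framing) and reports user IDs and subkeys that are not followed by a certification (0x10 to 0x13) or subkey-binding (0x18) signature. The function names and the sample bytes are constructed for illustration, and the signatures are not verified cryptographically.

```python
PUBKEY, SIG, USERID, SUBKEY = 6, 2, 13, 14   # RFC 4880 packet tags
CERT_TYPES = {0x10, 0x11, 0x12, 0x13}        # certification signatures over a user ID
SUBKEY_BINDING = {0x18}                      # key-binding signature over a subkey

def packets(data):
    """Yield (tag, body) for each packet; handles old and new header formats."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                                   # new-format header
            tag, first, i = hdr & 0x3F, data[i], i + 1
            if first < 192:
                length = first
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i] + 192, i + 1
            elif first == 255:
                length, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                raise ValueError("partial body lengths not handled")
        else:                                            # old-format header
            tag, n = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
            if n == 8:
                raise ValueError("indeterminate length not handled")
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + length]
        i += length

def unbound_components(data):
    """User IDs/subkeys not followed by a binding signature (structure only, no crypto)."""
    missing, pending = [], None              # pending = (label, wanted signature types)
    for tag, body in packets(data):
        if tag == SIG and pending and len(body) > 2:
            sig_type = body[2] if body[0] == 3 else body[1]   # v3 vs v4 layout
            if sig_type in pending[1]:
                pending = None
        elif tag in (PUBKEY, USERID, SUBKEY):
            if pending:
                missing.append(pending[0])
            pending = {USERID: (body.decode("utf-8", "replace"), CERT_TYPES),
                       SUBKEY: ("subkey", SUBKEY_BINDING)}.get(tag)
    return missing + ([pending[0]] if pending else [])

# Constructed sample (dummy key and signature bytes); the second uid has no signature.
SAMPLE = b"".join(bytes([0xC0 | t, len(b)]) + b for t, b in [
    (PUBKEY, b"\x04dummy"), (USERID, b"Alice <alice@example.org>"), (SIG, b"\x04\x13\x00"),
    (USERID, b"Other <other@example.org>"), (SUBKEY, b"\x04dummy"), (SIG, b"\x04\x18\x00")])
```

For a real key, `gpg --list-packets` prints the same packet sequence that `packets()` iterates over.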
