On Thu, Apr 17, 2008 at 01:00:23PM +0200, Werner Koch wrote: > >> Regarding signing challenges; they are fine as along as a signing subkey > >> is available. > > This sounds interesting. > > What would I now from a signing challenge? What is it exactly? Ask the > > peer to sign my challenge? > > Right. > > > Any why wouldn't it work with the primary (signing) key. > > Because in my case that is off line and I would need to implement quite > some code to take the signing challenge to the secure offline box with > the primary key, sign that the challenge, copy the result back to a > networked box and send it. Yeah, it is possible to do but it does not > make much sense to me. A signing subkey would be easier.
A signing subkey doesn't really work here though. A given signing subkey can be attached to any number of keys, and still issue signatures. When a make a certification, I am signing the primary key and a UID. Thus the things I need to "prove" are that primary key and that UID. A signing subkey (or encryption) aren't really involved in that. David _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
