On 08/14/2013 07:47 AM, Axel Braun wrote:
> Hi,
>
> one (stupid?) question:
>
> Where is the requirement to sign your own key documented? I had a
> look into RFC 4880 but could not spot the requirement there.
>
> Thanks for clarifying.... Axel

There is no such requirement. Your own keys are trusted automatically with ultimate trust when you create them. You can stop reading now.

It is basically a requirement for any key to be signed to be able to use it in any meaningful way. If it isn't signed and given some sort of level of trust it cannot be used to verify either a clear-sign or detached-signature. I never thought about attempting to encipher using PK enciphering using somebody else's public key without signing it but look at RFC 4880 for what it says about that. It is just that signing and verifying is what I do most. No trust for a key means no way to have meaningful verification.

You do not need to sign your own key. The reason why is because when you generate your key, it has an entry for it that is automatically added to the trustdb with ULTIMATE trust. If it wasn't this way then you would have a chicken versus egg problem. You couldn't sign or lsign anybody else's key using your private / secret key because your own key wasn't trusted. But if you try to sign your own key with your own key ... you can't. You need a key with ultimate trust to be used to sign other keys with varying levels of trust in that key. So your own keys automatically have ultimate trust when they are created.

If you cannot trust yourself to be yourself then maybe you have MPD and need an eminent brain specialist's help. Either that or you need to generate your revocation and revoke your keys. But that is more of a statement that you think somebody may have your keys + pass-phrase than something about yourself.

HHH

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
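An added example, not part of the original message: a small audit of which keys hold ultimate ownertrust, since the reply above says that level is assigned to your own keys at creation. It parses the `FINGERPRINT:LEVEL:` lines that `gpg --export-ownertrust` emits (level 6 is ultimate); the function names and the sample fingerprints are constructed for illustration.

```shell
#!/bin/sh
# Added example: list keys with ULTIMATE ownertrust and flag any that are
# not on your own list. Input is the `gpg --export-ownertrust` format:
# one "FINGERPRINT:LEVEL:" per line, '#' lines are comments, 6 = ultimate.

# Print fingerprints whose ownertrust level is 6 (ultimate), one per line.
ultimate_keys() {
    awk -F: '!/^#/ && NF >= 2 && $2 == 6 { print toupper($1) }'
}

# Print ultimate-trust fingerprints that are NOT among the fingerprints
# passed as arguments (the keys you know to be your own).
unexpected_ultimate() {
    own=$(printf '%s\n' "$@" | tr 'a-z' 'A-Z')
    ultimate_keys | while IFS= read -r fpr; do
        printf '%s\n' "$own" | grep -qxF "$fpr" || printf '%s\n' "$fpr"
    done
}

# Constructed sample input; the fingerprints are made up.
sample_ownertrust() {
cat <<'EOF'
# List of assigned trustvalues (constructed sample)
# (Use "gpg --import-ownertrust" to restore them)
1111111111111111111111111111111111111111:6:
2222222222222222222222222222222222222222:5:
3333333333333333333333333333333333333333:6:
4444444444444444444444444444444444444444:3:
EOF
}

# Demo on the sample. On a real keyring the equivalent would be:
#   gpg --export-ownertrust | unexpected_ultimate "$MY_FINGERPRINT"
sample_ownertrust | unexpected_ultimate 1111111111111111111111111111111111111111
```

An ultimate-trust entry for a key you did not create is worth investigating, because signatures made by that key are treated as fully valid certifications.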