On Sun, 4 Mar 2001, Werner Koch <w...@gnupg.org> wrote:
> On Sun, 4 Mar 2001, Stefan Bellon wrote:
>> I've a short question concerning signing and lsigning. If you lsign a
>> key and afterwards (some time later) decide you want to export it and
>> therefore sign it, does the lsignature get marked exportable or is a
>> new signature created?
>
> Because that flag resides in the non-hashed area, it is possible to
> change it without creating a new signature. However there is no
> code for this.

(See https://lists.gnupg.org/pipermail/gnupg-users/2001-March/007884.html )

Has this changed since 2001?

I like to use cert-levels[1] to record how carefully I have checked keys that I wish to sign. In cases where the signee would prefer me not to publicly reveal information about how carefully I have checked their key[2], I would like to accommodate their wishes by signing with cert-level 0 but still locally signing with the level appropriate to how thoroughly I have checked their key, so that I have a signed record of this for myself, in my keyring.

However, neither gpg nor gpg2 seems to let me do this. If I `sign`, regardless of cert-level, and then try to `lsign`, then I get a message along the lines:

> "User Name <user.email>" was already signed by key DEADBEEF
> Nothing to sign with key DEADBEEF

Likewise, if I instead reverse the order and `lsign` first, then when I run the `sign` command, I get:

> Your current signature on "User Name <user.email>"
> is a local signature.
> Do you want to promote it to a full exportable signature? (y/N) N
> "User Name <user.email>" was already signed by key DEADBEEF
> Nothing to sign with key DEADBEEF

Either way, GnuPG stymies me in my desire to `sign` and `lsign` the same UID with different values.

It would be nice if GnuPG offered a way to `sign` and `lsign` with different values, to handle the use case I have presented. Please could you let me know if it already does, and I have missed this feature somehow, or alternatively whether this feature is planned for a future release?

Many thanks,

- spk

[1] I have my own set of key-signing principles, which at some point I will probably post online. Based upon observation of other GnuPG users' habits, many do not use cert-levels. Of those who do, my level 1 is probably equivalent to most people's level 2; my level 2 probably equivalent to most people's level 3, and my level 3 is more extensive than my level 2.

[2] E.g. as per https://www.debian-administration.org/users/dkg/weblog/98
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
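
For readers following the thread, an added example (not part of the original post and not GnuPG code): in RFC 4880 a cert-level is carried as the certification signature type (0x10 to 0x13) and an `lsign` is marked by an Exportable Certification subpacket with value 0, so this parser reports the level, the exportable flag and which subpacket area holds it. The function names and the sample signature bodies are constructed for illustration and contain no real key material.

```python
# RFC 4880 certification signature types, mapped to gpg's cert-level 0..3
CERT_LEVELS = {0x10: 0, 0x11: 1, 0x12: 2, 0x13: 3}
EXPORTABLE = 4  # Exportable Certification subpacket type

def subpackets(area):
    """Yield (type, data) for each subpacket in one subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:      # one-octet length
            length, i = first, i + 1
        elif first < 255:    # two-octet length
            length, i = ((first - 192) << 8) + int.from_bytes(area[i + 1:i + 2], "big") + 192, i + 2
        else:                # 255 followed by a four-octet length
            length, i = int.from_bytes(area[i + 1:i + 5], "big"), i + 5
        if length == 0 or i + length > len(area):  # also catches truncated lengths
            raise ValueError("malformed subpacket")
        yield area[i] & 0x7F, area[i + 1:i + length]  # mask off the critical bit
        i += length

def describe_certification(body):
    """Return cert level, exportability and the area storing the flag."""
    if len(body) < 6 or body[0] != 4 or body[1] not in CERT_LEVELS:
        raise ValueError("not a version 4 certification signature")
    ustart = 6 + int.from_bytes(body[4:6], "big")
    uend = ustart + 2 + int.from_bytes(body[ustart:ustart + 2], "big")
    if uend > len(body):
        raise ValueError("truncated subpacket areas")
    # No subpacket means exportable; this example reads hashed last so it wins.
    info = {"cert_level": CERT_LEVELS[body[1]], "exportable": True, "flag_area": None}
    for name, area in (("unhashed", body[ustart + 2:uend]), ("hashed", body[6:ustart])):
        for sp_type, data in subpackets(area):
            if sp_type == EXPORTABLE and len(data) == 1:
                info["exportable"], info["flag_area"] = data[0] != 0, name
    return info

def build(sig_type, hashed, unhashed):
    """Constructed body: RSA/SHA-256 header, both areas, dummy hash prefix, no MPIs."""
    return (bytes([4, sig_type, 1, 8]) + len(hashed).to_bytes(2, "big") + hashed
            + len(unhashed).to_bytes(2, "big") + unhashed + b"\x00\x00")

CREATED = b"\x05\x02" + bytes(4)                          # constructed creation time
ISSUER = b"\x09\x10" + bytes.fromhex("00000000DEADBEEF")  # constructed issuer key ID
NOT_EXPORTABLE = b"\x02\x04\x00"
LOCAL_L3 = build(0x13, CREATED + NOT_EXPORTABLE, ISSUER)       # lsign at level 3
PUBLIC_L0 = build(0x10, CREATED, ISSUER)                       # sign at level 0
FLAG_UNHASHED = build(0x12, CREATED, ISSUER + NOT_EXPORTABLE)  # flag outside the hash

if __name__ == "__main__":
    print([describe_certification(s) for s in (LOCAL_L3, PUBLIC_L0, FLAG_UNHASHED)])
```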