Are uids tied to the GPG primary key too?
I'm playing around with GPG (v2.2.8), trying to get a primary/master key with subkeys and several uids attached. To get to the point I'm at, I:
- Created the master key and gave it only (C)ertify ability.
- Created 3 subkeys, each with only one of (E)ncrypt, (S)ign, (A)uthenticate ability.
- Created revocations and paperkeys for them.
- Exported .gnupg folder off the machine.
- Removed the master private key.
As I did this quite a few times, having made mistakes and misunderstanding the process (you've used gpg, right?;), I started to become more confident and in my newfound state added a uid I shouldn't have. So I did the following:
gpg --edit-key 0xXXX
gpg> 2
gpg> deluid
Really remove this user ID? (y/N) y
gpg> save
What puzzles me is that there was no prompt or warning about the primary key - does it not have the uid too? Are they only tied to the public key so the private part doesn't care? Should I reimport it and remove the uid and then export it?
These are the questions this episode has prompted.
I haven't shared the keys and I'm playing around so I can blitz the whole lot if need be, just trying to understand how gpg works. Then I'm going to move on to creating a super secure crypto algo because that's probably easier to manage!
gnupg identity-management
asked Jan 14 at 7:08
Iain
1 Answer
It's a one-way relationship: the primary key can have UIDs attached to it, and attaching a UID requires signing it with the primary key (self-certifying), but the primary key does not depend on UIDs' existence, and adding/removing UIDs does not alter the primary key itself in any way. The UIDs are standalone packets, and are only necessary for key lookup by name/address (instead of by fingerprint).
edited Jan 14 at 7:42
answered Jan 14 at 7:32
grawity
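The packet layout described in the answer above, as an added example that is not part of the original question or answer: it splits an OpenPGP packet stream, computes the v4 fingerprint (RFC 4880) from the primary key packet alone, and shows that dropping a User ID packet with its signature leaves that fingerprint unchanged. The function names and the sample bytes are assumptions; the sample is constructed placeholder data, not a usable key.

```python
import hashlib

def parse_packets(data):
    """Split a binary (non-armored) OpenPGP stream into (tag, body) pairs."""
    out, i = [], 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if (hdr & 0xC0) == 0xC0:                      # new-format header
            tag, o1, i = hdr & 0x3F, data[i], i + 1
            if o1 < 192:
                length = o1
            elif o1 < 224:
                length, i = ((o1 - 192) << 8) + data[i] + 192, i + 1
            else:
                raise ValueError("five-octet and partial lengths not handled")
        elif (hdr & 0x80) and (hdr & 0x03) != 3:      # old format, definite length
            tag, n = (hdr >> 2) & 0x0F, 1 << (hdr & 0x03)
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        else:
            raise ValueError("bad header or indeterminate length")
        if i + length > len(data):
            raise ValueError("truncated packet")
        out.append((tag, data[i:i + length]))
        i += length
    return out

def v4_fingerprint(packets):
    """SHA-1 over 0x99, a 2-byte length and the primary key packet body (tag 6)."""
    body = next(b for t, b in packets if t == 6)
    return hashlib.sha1(b"\x99" + len(body).to_bytes(2, "big") + body).hexdigest()

def drop_uid(packets, uid):
    """Remove one User ID packet (tag 13) plus the signature packets after it."""
    kept, skipping = [], False
    for tag, body in packets:
        if tag != 2:                                  # a non-signature packet ends the run
            skipping = (tag == 13 and body == uid)
        if not skipping:
            kept.append((tag, body))
    return kept

def sample_key():
    """Constructed placeholder bytes shaped like a key; signatures are not real."""
    pkt = lambda tag, body: bytes([0xC0 | tag, len(body)]) + body
    key = b"\x04" + bytes(4) + b"\x16" + bytes(range(32))
    return (pkt(6, key) + pkt(13, b"Alice <alice@example.org>") + pkt(2, b"selfsig-A")
            + pkt(13, b"Oops <oops@example.org>") + pkt(2, b"selfsig-B")
            + pkt(14, b"subkey") + pkt(2, b"binding-sig"))
```

On a real keyring, `gpg --export KEYID | gpg --list-packets` prints the same packet sequence.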