Force subkey for signing

Vitaly

10 Jun, 2013 04:42 PM

Hi, I created a subkey for signing things, and I don't know where I could choose to designate this newly created subkey for signing. When I sign an email message and send it to my other address, it comes as signed with my primary key, not the subkey. Is there a way to force it to choose a subkey for signing?

  1. 1 Posted by Vitaly on 10 Jun, 2013 04:43 PM

    Of course I mean to force GPGMail to use the subkey, rather than the primary key.

  2. Support Staff 2 Posted by Mento on 18 Jun, 2013 12:34 PM

    Hi Vitaly!
    At the moment, I don't know a way to tell gpg2 which subkey to use. So we can't implement this.

    Regards, Mento

  3. 3 Posted by Vitaly on 18 Jun, 2013 06:01 PM

    I read in a few places that you should not use the same key for signing and encryption since that is a huge security vulnerability (that's why I created some subkeys). But I don't see many people who bother keeping two separate key pairs. Should I?

  4. 4 Posted by Vitaly Shvetsov on 18 Jun, 2013 06:05 PM

    Does that mean that I should have two separate keypairs, one for signing and one for encryption? I read in a few places that using one key for signing and encryption is a huge vulnerability. But I see people don't bother having two separate key pairs.

  5. Support Staff 5 Posted by Mento on 19 Jun, 2013 12:15 PM

    Hi Vitaly!

    If you only want separate subkeys for encrypt and sign, you can simply create a subkey for signing only and one for encryption only.
    gpg automatically uses the newest subkey to sign/encrypt, as long as the key has the possibility to encrypt/sign.
    Why do you think that your primary instead of your new subkey is used?
    At the moment GPGMail doesn't display the subkey which is used to encrypt or decrypt.
    To check which subkey was used you need to use "gpg2 --list-packets".

    Regards, Mento
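
The check described in the reply above, as an added example that is not part of the original thread or GPGMail's code: it reads the signing key ID from `gpg2 --list-packets` output and looks it up in `gpg2 --list-keys --with-colons` output to tell whether the primary key or a subkey made the signature. The sample outputs and key IDs are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of `gpg2 --list-keys --with-colons`: a primary key, an
# encryption subkey and a newer signing subkey (all key IDs are made up).
SAMPLE_KEYS = """\
pub:u:2048:1:AAAAAAAAAAAAAAAA:1370000000:::u:::scESC:
uid:u::::1370000000::0000000000000000000000000000000000000000::Vitaly <email@address>:
sub:u:2048:1:BBBBBBBBBBBBBBBB:1370000000::::::e:
sub:u:2048:1:CCCCCCCCCCCCCCCC:1370880000::::::s:
"""

# Constructed sample of `gpg2 --list-packets` run on a detached signature.
SAMPLE_PACKETS = """\
:signature packet: algo 1, keyid CCCCCCCCCCCCCCCC
\tversion 4, created 1371657300, md5len 0, sigclass 0x01
\thashed subpkt 2 len 4 (sig created 2013-06-19)
\tsubpkt 16 len 8 (issuer key ID CCCCCCCCCCCCCCCC)
"""

def parse_keys(colons):
    """Map key ID -> (record type, creation time, capabilities)."""
    keys = {}
    for line in colons.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sub") and len(f) >= 12:
            keys[f[4].upper()] = (f[0], int(f[5]), f[11])
    return keys

def signing_key_ids(packets):
    """Key IDs named in the signature packets of --list-packets output."""
    pattern = r"^:signature packet:.*keyid ([0-9A-Fa-f]{16})"
    return [kid.upper() for kid in re.findall(pattern, packets, re.M)]

def expected_signer(keys):
    """Newest sign-capable subkey, as the reply describes; else the primary."""
    subs = [(v[1], k) for k, v in keys.items() if v[0] == "sub" and "s" in v[2]]
    if subs:
        return max(subs)[1]
    return next(k for k, v in keys.items() if v[0] == "pub")

def classify(packets, colons):
    """Per signature: (key ID, primary/subkey/unknown, matches expected key)."""
    keys = parse_keys(colons)
    want = expected_signer(keys)
    kind = {"pub": "primary", "sub": "subkey"}
    return [(kid, kind.get(keys.get(kid, ("",))[0], "unknown"), kid == want)
            for kid in signing_key_ids(packets)]
```
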

  6. 6 Posted by Vitaly on 19 Jun, 2013 03:55 PM

    > Why do you think that your primary instead of your new subkey is used?

    Because it listed my main key ID in the signature details instead of the subkey's ID (this is where you click on "signed (email@address)").

  7. Support Staff 7 Posted by Mento on 20 Jun, 2013 06:11 PM

    Good point. I will open a ticket, so we can change this in the signature view.
    At the moment it only displays the ID of the primary key, even if a subkey is used.

  8. Support Staff 8 Posted by Steve on 20 Jun, 2013 06:37 PM

    We've a ticket for this now. Please subscribe to the ticket if you want to be notified of changes being made in regards to this issue:

    https://gpgtools.lighthouseapp.com/projects/65764/tickets/619

    I'm closing this discussion for overview purposes. Feel free to open a new discussion should you run into further problems or need assistance.

  9. Steve closed this discussion on 21 Jun, 2013 09:16 AM.

  10. Support Staff 9 Posted by Steve on 23 Apr, 2018 10:39 AM

    Hi Vitaly,

    good news - we now show fingerprint, creation and expiration date of the subkey when a signature was created using a subkey. Subkey info will not be shown when no subkey was used to sign.

    We are happy to solve this long standing request.

    While we were at it, we decided to give the signature details view a major cleanup:

    • we removed the top section listing name and e-mail (those infos are displayed in the details already)
    • we prevent any need to scroll in this dialog (why not use the correct window size right away if we can)
    • details are always extended and by that there is no longer the need to even have a "Details" section
    • more focus on fingerprint of key + subkey by restructuring the order of info

    These changes apply to both the signature attachment details view as well as the signature details view.

    If you want to test the changes feel free to download the latest hotfix GPG Suite.

    All the best,
    steve

    Disclaimer: This is a development version which has not been thoroughly tested yet - bugs or crashes are to be expected. Thanks for helping us test.

  11. Steve closed this discussion on 23 Apr, 2018 10:39 AM.
