Force subkey for signing
Hi, I created a subkey for signing things, and I don't know where I could choose to designate this newly created subkey for signing. When I sign an email message and send it to my other address, it comes as signed with my primary key, not the subkey. Is there a way to force it to choose a subkey for signing?
1 Posted by Vitaly on 10 Jun, 2013 04:43 PM
Of course I mean to force GPGMail to use the subkey, rather than the primary key.
2 Posted by Mento on 18 Jun, 2013 12:34 PM
Hi Vitaly!
At the moment, I don't know a way to tell gpg2 which subkey to use. So we can't implement this.
Regards, Mento
3 Posted by Vitaly on 18 Jun, 2013 06:01 PM
I read in a few places that you should not use the same key for signing and encryption since that is a huge security vulnerability (that's why I created some subkeys). But I don't see many people who bother keeping two separate key pairs. Should I?
4 Posted by Vitaly Shvetsov on 18 Jun, 2013 06:05 PM
Does that mean that I should have two separate keypairs, one for signing and one for encryption? I read in a few places that using one key for signing and encryption is a huge vulnerability. But I see people don't bother having two separate key pairs.
5 Posted by Mento on 19 Jun, 2013 12:15 PM
Hi Vitaly!
If you only want separate subkeys for encrypt and sign, you can simply create a subkey for signing only and one for encryption only.
gpg automatically uses the newest subkey to sign/encrypt, as long as the key has the possibility to encrypt/sign.
Why do you think that, your primary instead of your new subkey is used?
At the moment GPGMail doesn't display the subkey which is used to encrypt or decrypt.
To check which subkey was used you need to use "gpg2 --list-packets".
Regards, Mento
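The check described in the post above, as an added example that is not part of the original thread or GPGTools' code: it reads the key ID from `gpg2 --list-packets` output and looks it up in a `gpg2 --list-keys --with-colons` listing to tell whether the primary key or a subkey made the signature. Both sample outputs and all key IDs are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of `gpg2 --list-packets` output for a signature.
SAMPLE_PACKETS = """\
:signature packet: algo 1, keyid 89ABCDEF01234567
\tversion 4, created 1371657300, md5len 0, sigclass 0x00
\tdigest algo 8, begin of digest 3f a1
\thashed subpkt 2 len 4 (sig created 2013-06-19)
\tsubpkt 16 len 8 (issuer key ID 89ABCDEF01234567)
\tdata: [2048 bits]
"""

# Constructed sample of `gpg2 --list-keys --with-colons` for the signer
# (uid records omitted; field 5 is the key ID, field 12 the capabilities).
SAMPLE_KEYS = """\
pub:u:2048:1:0123456789ABCDEF:1370000000:::u:::scESC:
sub:u:2048:1:FEDCBA9876543210:1370000000::::::e:
sub:u:2048:1:89ABCDEF01234567:1370800000::::::s:
"""

def signing_keyids(packets_text):
    """Key IDs named on each ':signature packet:' line."""
    pattern = r"^:signature packet: algo \d+, keyid ([0-9A-Fa-f]{16})"
    return [k.upper() for k in re.findall(pattern, packets_text, re.M)]

def key_table(colons_text):
    """Map key ID -> (record type, owning primary key ID, capabilities)."""
    table, primary = {}, None
    for line in colons_text.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sub") and len(f) > 11:
            keyid = f[4].upper()
            if f[0] == "pub":
                primary = keyid  # following sub records belong to this key
            table[keyid] = (f[0], primary, f[11])
    return table

def classify_signers(packets_text, colons_text):
    """Return (signing key ID, 'primary'|'subkey'|'unknown', primary ID, caps)."""
    table = key_table(colons_text)
    out = []
    for keyid in signing_keyids(packets_text):
        kind, primary, caps = table.get(keyid, (None, None, None))
        label = {"pub": "primary", "sub": "subkey"}.get(kind, "unknown")
        out.append((keyid, label, primary, caps))
    return out

if __name__ == "__main__":
    for row in classify_signers(SAMPLE_PACKETS, SAMPLE_KEYS):
        print(row)
```
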
6 Posted by Vitaly on 19 Jun, 2013 03:55 PM
> Why do you think that, your primary instead of your new subkey is used?
Because it listed my main key ID in the signature details instead of the subkey's ID (this is where you click on "signed (email@address)").
7 Posted by Mento on 20 Jun, 2013 06:11 PM
Good point. I will open a ticket, so we can change this in the signature view.
At the moment it only displays the ID of the primary key. Even if a subkey is used.
Support Staff 8 Posted by Steve on 20 Jun, 2013 06:37 PM
We've a ticket for this now. Please subscribe to the ticket if you want to be notified of changes being made in regards to this issue:
https://gpgtools.lighthouseapp.com/projects/65764/tickets/619
I'm closing this discussion for overview purposes. Feel free to open a new discussion should you run into further problems or need assistance.
Steve closed this discussion on 21 Jun, 2013 09:16 AM.
Support Staff 9 Posted by Steve on 23 Apr, 2018 10:39 AM
Hi Vitaly,
good news - we now show fingerprint, creation and expiration date of the subkey when a signature was created using a subkey. Subkey info will not be shown when no subkey was used to sign.
We are happy to solve this long-standing request.
While we were at it, we decided to give the signature details view a major cleanup:
These changes apply to both the signature attachment details view as well as the signature details view.
If you want to test the changes feel free to download the latest hotfix GPG Suite.
All the best,
steve
Disclaimer: This is a development version which has not been thoroughly tested yet - bugs or crashes are to be expected. Thanks for helping us test.
Steve closed this discussion on 23 Apr, 2018 10:39 AM.