Signing one of my keys with another of my keys
Anonymous Remailer (austria)
2015-08-25 14:37:49 UTC
I have two keys. Say their key IDs are 0xAAAAAAAA and 0xBBBBBBBB.

I have added a sub-key to 0xAAAAAAAA and I want to sign it with
0xBBBBBBBB.

I want to sign each key with the other. I have done this sort of
thing before with a GUI but now I want to be able to do this with
the command line.

With the GUI it was easy. With the command line I'm scratching my
head.

For safety's sake I have a default key that is neither of those two
keys.

When I type gpg2 --edit-key 0xAAAAAAAA and then type "sign" gpg2
asks if I really want to sign it with the default key. I don't, I
hit "n" and it bails.

When I type gpg2 --sign-key 0xAAAAAAAA 0xBBBBBBBB I get "usage: gpg
[options] --sign-key user-id".

Both keys have the same uid, they just have different key IDs.

It must be possible to sign one of these keys with the other, and
vice versa, because I've done it before with the GUI. Can anyone
tell me how to do it with the command line?
Guy
2015-08-25 15:50:28 UTC
Post by Anonymous Remailer (austria)
> I have two keys.
> Say their key IDs are 0xAAAAAAAA and 0xBBBBBBBB.
> I have added a sub-key to 0xAAAAAAAA
> and I want to sign it with 0xBBBBBBBB.
> I want to sign each key with the other.
> I have done this sort of thing before with
> a GUI but now I want to be able to do this
> with the command line.

Try:

    gpg2 --local-user 0xBBBBBBBB --sign-key 0xAAAAAAAA

Consider:

    gpg2 --local-user 0xBBBBBBBB --edit-key 0xAAAAAAAA
    tsign
    (some confirmations here)
    save
Nomen Nescio
2015-08-28 14:52:14 UTC
Post by Guy
> Post by Anonymous Remailer (austria)
> > I have two keys.
> > Say their key IDs are 0xAAAAAAAA and 0xBBBBBBBB.
> > I have added a sub-key to 0xAAAAAAAA
> > and I want to sign it with 0xBBBBBBBB.
> > I want to sign each key with the other.
> > I have done this sort of thing before with
> > a GUI but now I want to be able to do this
> > with the command line.
> gpg2 --local-user 0xBBBBBBBB --sign-key 0xAAAAAAAA
> gpg2 --local-user 0xBBBBBBBB --edit-key 0xAAAAAAAA
> tsign
> (some confirmations here)
> save

Thanks. I'd tried that before I'd posted the original question. I
tried it again copying your above suggestions and it again didn't
work.

But I think I have figured out why, and it may help others if I
post that here.

The signatures really only relate to the SIGNING key, not to the
encryption key. What I got when I'd tried signing 0xAAAAAAAA with
0xBBBBBBBB was a failure that said that 0xAAAAAAAA was already
signed with 0xBBBBBBBB. And of course it was. The addition of a new
encryption key didn't change the signing key. So I've learned
something here, unless someone corrects this posting, and maybe
this will help others in the future.

Thanks again for your help, Guy.
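
The point made in the post above, as an added example that is not part of the thread: in OpenPGP, certifications from another key (signature classes 0x10 to 0x13) attach to the primary key and user ID, while each subkey carries only a binding signature (class 0x18) from its own primary key. The script classifies the `sig` records of `gpg2 --list-sigs --with-colons` output; the 16-digit key IDs, the user ID and the listing itself are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread.
# Real use: gpg2 --list-sigs --with-colons 0xAAAAAAAA | sig_report

# Constructed sample listing for key A after a second encryption
# subkey (DDDD...) was added. All IDs and the user ID are placeholders.
sample_listing() {
cat <<'EOF'
pub:u:2048:1:AAAAAAAAAAAAAAAA:1440000000:::u:::scESC:
uid:u::::1440000000::::Example User <user@example.org>:
sig:::1:AAAAAAAAAAAAAAAA:1440000000::::Example User <user@example.org>:13x:
sig:::1:BBBBBBBBBBBBBBBB:1440000100::::Example User <user@example.org>:10x:
sub:u:2048:1:CCCCCCCCCCCCCCCC:1440000000::::::e:
sig:::1:AAAAAAAAAAAAAAAA:1440000000::::Example User <user@example.org>:18x:
sub:u:2048:1:DDDDDDDDDDDDDDDD:1440500000::::::e:
sig:::1:AAAAAAAAAAAAAAAA:1440500000::::Example User <user@example.org>:18x:
EOF
}

# One line per signature: "<attached-to> <signer key ID> <kind>".
# Field 5 is the key ID, field 11 the signature class plus an x/l suffix.
sig_report() {
    awk -F: '
        $1 == "pub" { primary = $5; target = "" }
        $1 == "uid" { target = "uid" }          # following sigs certify this user ID
        $1 == "sub" { target = "sub=" $5 }      # following sigs belong to this subkey
        $1 == "sig" {
            class = substr($11, 1, 2)
            if (class == "18")
                kind = "subkey-binding"
            else if (class ~ /^1[0-3]$/)
                kind = ($5 == primary ? "self-cert" : "third-party-cert")
            else
                kind = "class-0x" class
            print target, $5, kind
        }'
}

# Key IDs, other than the primary, that certified a user ID.
third_party_certifiers() {
    sig_report | awk '$3 == "third-party-cert" { print $2 }' | sort -u
}

# Key IDs that issued any signature attached to a subkey.
subkey_signers() {
    sig_report | awk '$1 ~ /^sub=/ { print $2 }' | sort -u
}
```

In the sample, 0xBBBB... appears once, on the user ID, and both subkeys are signed only by 0xAAAA..., which is why adding the new subkey left nothing further for the second key to sign.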