keybase / keybase-issues

A single repo for managing publicly recognized issues with the keybase client, installer, and website.

Primary key is not selected properly using bash+GPG+curl #1193

Open asheiduk opened 10 years ago

asheiduk commented 10 years ago

I've tried proving a few things using the bash/GPG/curl option. But the generated script would not use my primary GPG key for signing but a signing subkey (S, not C!) I have in my keyring too. In this case a simple

gpg -u "$MASTERKEYID" --sign

will silently select the subkey for signing. In order to really force the primary key this command will do by adding an ! to the id:

gpg -u "$MASTERKEYID!" --sign

maxtaco commented 10 years ago

Interesting, didn't know about that feature.

BTW, why do you prefer the signature by the master key and not the subkey? My thought would be to prefer the subkey, especially since some folks might keep their master key offline.

asheiduk commented 10 years ago

The day-to-day signing is indeed done using the subkey. But I feel that keybase proofing is more like certifying (not signing! [in GPG-speak]) another GPG key - and this is a job for the primary key with C+S capabilities - after all that's my digital identity.

Another use case would be that the day-to-day signing key has an expiration time and is replaced every year or so.
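
Added example, not part of the original thread or of the keybase-generated script: a way to check after the fact whether a signature was made by the primary key or by a signing subkey, which is the difference the `!` suffix discussed above controls. It reads the `VALIDSIG` status line that `gpg --status-fd` emits; the fingerprints, status lines and the file name `proof.asc` are constructed for illustration.

```shell
#!/bin/sh
# Classify the signer of a verified signature from GnuPG status output.
# VALIDSIG layout (GnuPG doc/DETAILS): field 3 is the fingerprint of the key
# that made the signature, field 12 the fingerprint of its primary key.
classify_signer() {
    awk '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" {
            found = 1
            if (NF < 12)        print "unknown"   # older gpg: no primary fpr
            else if ($3 == $12) print "primary"
            else                print "subkey"
            exit
        }
        END { if (!found) print "no-validsig" }
    '
}

# Succeed only if stdin shows a signature made by the primary key itself.
require_primary() {
    [ "$(classify_signer)" = "primary" ]
}

# Constructed fingerprints and status lines (not real keys or real gpg output).
PRIMARY_FPR=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
SUBKEY_FPR=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
TAIL="2015-01-01 1420070400 0 4 0 1 8 00"
SAMPLE_SUBKEY="[GNUPG:] GOODSIG BBBBBBBBBBBBBBBB Constructed User
[GNUPG:] VALIDSIG $SUBKEY_FPR $TAIL $PRIMARY_FPR"
SAMPLE_PRIMARY="[GNUPG:] VALIDSIG $PRIMARY_FPR $TAIL $PRIMARY_FPR"

# Real use (proof.asc is a hypothetical file name):
#   gpg --status-fd 1 --verify proof.asc 2>/dev/null | require_primary
for s in "$SAMPLE_SUBKEY" "$SAMPLE_PRIMARY"; do
    printf '%s\n' "$s" | classify_signer
done
```
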