
I know about the trust web in PGP. When you sign a key, everybody that trusts you will trust the person with that key. But what is the point of self-signing a key when anybody else can do that with his own key-pair?

  • It's similar to the reason that a CSR (which contains the public key) is self-signed using the corresponding private key, before the CSR is submitted to a CA. It's so that the other party can verify that the person claiming that the public key is theirs is also in possession of the corresponding private key as well. – mti2935 Jun 07 '22 at 15:36
  • @mti2935: This is a good answer. Convert your comment to an answer. – mentallurg Jun 07 '22 at 16:17
  • Thanks @mentallurg. But, I would basically just be re-posting what I've already written, so I'll just leave it as is. – mti2935 Jun 07 '22 at 16:33
  • @mti2935 Seems reasonable. Thank you! – Fish_n_Chips Jun 07 '22 at 17:02
  • @mti2935 Comments are temporary. Their purpose is to help clarify the question. That's why comments can be deleted by moderators at any time. I'd suggest you think about converting it to an answer once again. Your answer can be helpful to everyone who has a similar question. – mentallurg Jun 08 '22 at 00:25
  • @mentallurg Thanks for the suggestion. But, it seems like overkill to me to post a full-blown answer when a question can be answered in just one or two sentences. Also, I've noticed that (for whatever reason) any ensuing dialog with the OP seems to flow better following a comment as opposed to an answer. Having said that, if you feel compelled to post an answer based on my comment, feel free to (and I'll be the first to upvote it). Last but not least: moderators, please do not delete my comment above. – mti2935 Jun 08 '22 at 12:03

1 Answer


There are a couple reasons that self-signing is important in OpenPGP:

  • First, user IDs and photos aren't attached to the key any other way. As a result, it's entirely possible for someone to attach a user ID or photo to a key, and the only way to distinguish an authorized one is to verify that it's signed by the key. Subkeys are attached to the key the same way and a signature is required for them, too.
  • Second, to prevent someone from claiming someone else's signing subkey and claiming their signatures with that key, that signing subkey needs to sign the main key as well.
  • Third, signatures are the only way that you can apply preferences and notations. These preferences indicate what algorithms the key owner is willing to accept (e.g., SHA-2 and AES), plus what functionality their implementation supports (e.g., improved security features in new versions of the standard).
– bk2204
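The three points in the answer above can be checked mechanically. The following Go program is an added example, not part of the original answer and not OpenPGP code from any project: it models a key as a primary key plus user IDs and subkeys, each bound by signature packets, using Ed25519 from the standard library in place of the real OpenPGP packet format. The signature type numbers (0x13 self-certification, 0x18 subkey binding, 0x19 primary key binding) follow RFC 4880, but the byte layout that is signed, the `Prefs` string standing in for hashed subpackets, and the names Alice and Mallory are this example's own simplifications. The scenario has Mallory attach her own user ID to Alice's key and copy Alice's public signing subkey into her own key; a verifier that insists on self-signatures rejects both.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Signature types numbered as in OpenPGP (RFC 4880, section 5.2.1).
// Everything else here is a simplified model, not the real wire format.
const (
	sigUserIDCert  byte = 0x13 // self-certification binding a user ID to the primary key
	sigSubkeyBind  byte = 0x18 // subkey binding, issued by the primary key
	sigPrimaryBind byte = 0x19 // primary key binding ("back signature"), issued by a signing subkey
)

// Sig is one signature packet. Prefs stands in for the hashed subpackets
// (preferred algorithms, features) that only a self-signature can carry.
type Sig struct {
	Type     byte
	Prefs    string
	Signer   ed25519.PublicKey
	Value    []byte
	Embedded *Sig // on a signing subkey's 0x18: the 0x19 back signature
}

type UserID struct {
	Name string
	Sigs []Sig
}

type Subkey struct {
	Pub  ed25519.PublicKey
	Sigs []Sig
}

type Key struct {
	Primary ed25519.PublicKey
	UserIDs []UserID
	Subkeys []Subkey
}

// signedData is what a signature covers: its type, the primary key, the
// bound object (user ID text or subkey), and the hashed subpackets.
func signedData(typ byte, primary ed25519.PublicKey, bound []byte, prefs string) []byte {
	return bytes.Join([][]byte{{typ}, primary, bound, []byte(prefs)}, []byte{0})
}

func makeSig(priv ed25519.PrivateKey, typ byte, primary ed25519.PublicKey, bound []byte, prefs string) Sig {
	return Sig{Type: typ, Prefs: prefs, Signer: priv.Public().(ed25519.PublicKey),
		Value: ed25519.Sign(priv, signedData(typ, primary, bound, prefs))}
}

func (s Sig) verify(primary ed25519.PublicKey, bound []byte) bool {
	return ed25519.Verify(s.Signer, signedData(s.Type, primary, bound, s.Prefs), s.Value)
}

// selfCert finds a 0x13 on the user ID that was issued by the primary key itself.
// A certification by any other key, third party or attacker, does not count.
func (k Key) selfCert(uid UserID) (Sig, bool) {
	for _, s := range uid.Sigs {
		if s.Type == sigUserIDCert && bytes.Equal(s.Signer, k.Primary) && s.verify(k.Primary, []byte(uid.Name)) {
			return s, true
		}
	}
	return Sig{}, false
}

// SelfCertifiedUserIDs keeps only user IDs the key owner bound to the key.
func (k Key) SelfCertifiedUserIDs() []string {
	var out []string
	for _, uid := range k.UserIDs {
		if _, ok := k.selfCert(uid); ok {
			out = append(out, uid.Name)
		}
	}
	return out
}

// Preferences returns the hashed-subpacket preferences from the valid self-certification.
func (k Key) Preferences(name string) (string, bool) {
	for _, uid := range k.UserIDs {
		if s, ok := k.selfCert(uid); ok && uid.Name == name {
			return s.Prefs, true
		}
	}
	return "", false
}

// SigningSubkeys returns subkeys bound in both directions: the primary key signed
// the subkey (0x18) and the subkey signed the primary key back (0x19). Without the
// back signature, anyone could copy a public subkey into their own key, issue a
// 0x18 for it with their own primary key, and claim the signatures it made.
func (k Key) SigningSubkeys() []ed25519.PublicKey {
	var out []ed25519.PublicKey
	for _, sk := range k.Subkeys {
		for _, s := range sk.Sigs {
			if s.Type != sigSubkeyBind || !bytes.Equal(s.Signer, k.Primary) || !s.verify(k.Primary, sk.Pub) {
				continue
			}
			if e := s.Embedded; e != nil && e.Type == sigPrimaryBind && bytes.Equal(e.Signer, sk.Pub) && e.verify(k.Primary, sk.Pub) {
				out = append(out, sk.Pub)
				break
			}
		}
	}
	return out
}

// Scenario builds Alice's self-signed key, lets Mallory try both tricks, and returns
// (Alice's valid user IDs, Alice's valid signing subkey count, Mallory's, Alice's prefs).
func Scenario() ([]string, int, int, string) {
	alicePub, alicePriv, _ := ed25519.GenerateKey(rand.Reader)
	subPub, subPriv, _ := ed25519.GenerateKey(rand.Reader)
	malPub, malPriv, _ := ed25519.GenerateKey(rand.Reader)
	const aliceID, malID, prefs = "Alice <alice@example.org>", "Mallory <mallory@example.net>", "hash:SHA256 cipher:AES256"

	back := makeSig(subPriv, sigPrimaryBind, alicePub, subPub, "")     // subkey vouches for primary
	bind := makeSig(alicePriv, sigSubkeyBind, alicePub, subPub, "sign") // primary vouches for subkey
	bind.Embedded = &back
	alice := Key{Primary: alicePub,
		UserIDs: []UserID{
			{Name: aliceID, Sigs: []Sig{makeSig(alicePriv, sigUserIDCert, alicePub, []byte(aliceID), prefs)}},
			{Name: malID, Sigs: []Sig{makeSig(malPriv, sigUserIDCert, alicePub, []byte(malID), "")}}, // attached by Mallory
		},
		Subkeys: []Subkey{{Pub: subPub, Sigs: []Sig{bind}}}}
	// Mallory copies Alice's public subkey into her own key; she cannot make the 0x19 back signature.
	mallory := Key{Primary: malPub,
		Subkeys: []Subkey{{Pub: subPub, Sigs: []Sig{makeSig(malPriv, sigSubkeyBind, malPub, subPub, "sign")}}}}

	p, _ := alice.Preferences(aliceID)
	return alice.SelfCertifiedUserIDs(), len(alice.SigningSubkeys()), len(mallory.SigningSubkeys()), p
}

func main() {
	uids, aliceSubs, mallorySubs, prefs := Scenario()
	fmt.Println("valid user IDs on Alice's key:", uids)
	fmt.Println("signing subkeys: Alice", aliceSubs, "Mallory", mallorySubs, "prefs:", prefs)
}
```

Running it prints only Alice's own user ID, one signing subkey for Alice and none for Mallory, and the preferences that were carried in Alice's self-certification; Mallory's user ID is dropped because its certification was not issued by the primary key, and her copy of the subkey is dropped because the 0x18 she issued carries no 0x19 from the subkey's private half.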