--quick-sign-key offers no way to override a current certification
Open, High, Public


If Alice has already certified Bob's key, but she later decides that she wants to adjust the certification (e.g. with a notation, by adding an expiration, or by moving from an exportable to a non-exportable certification), she cannot do that with gpg --quick-sign-key, because it reports something like:

"Bob <bob@example.com>" was already signed by key 1234567890123456

I note that if the existing certification is a non-exportable certification, and the new certification *is* exportable, then gpg --quick-sign-key will actually make the new certification, and drop the old one. That's good! But it doesn't help if the user wants to go the other direction (exportable to non-exportable), or if they want to add a notation with --cert-notation.

I also see no way to set a certification expiration using --quick-sign-key at all, but perhaps that's a different issue.


dkg created this task. Jun 25 2019, 5:52 PM
werner triaged this task as Normal priority.
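
To see which properties an existing certification already has before trying to change it, the machine-readable key listing can be inspected. The following is an added example, not code from this report or from GnuPG: it parses `gpg --with-colons --list-sigs` output, assuming the `sig` record layout documented in GnuPG's doc/DETAILS (field 5 key ID, field 7 expiration, field 11 signature class followed by `x` for exportable or `l` for local). The sample listing, Bob's key ID and the helper names are constructed.

```python
from dataclasses import dataclass

# Constructed sample of `gpg --with-colons --list-sigs` output for Bob's key.
# AAAAAAAAAAAAAAAA and all timestamps are made up; 1234567890123456 is the
# certifying key ID from the message quoted in the report.
SAMPLE = """\
pub:u:255:22:AAAAAAAAAAAAAAAA:1561470000:::u:::scESC:::::ed25519:::0:
uid:u::::1561470000::0000::Bob <bob@example.com>::::::::::0:
sig:::22:AAAAAAAAAAAAAAAA:1561470000::::Bob <bob@example.com>:13x:::::10:
sig:::22:1234567890123456:1561480000::::Alice <alice@example.com>:10x:::::10:
uid:u::::1561470000::0000::Bob (work) <bob@example.org>::::::::::0:
sig:::22:AAAAAAAAAAAAAAAA:1561470000::::Bob (work) <bob@example.org>:13x:::::10:
sig:::22:1234567890123456:1561490000:1593026000:::Alice <alice@example.com>:10l:::::10:
"""

CERT_CLASSES = {"10", "11", "12", "13"}  # OpenPGP certification signature types


@dataclass
class Cert:
    uid: str          # user ID the certification is attached to
    exportable: bool  # True for "x", False for a local ("l") certification
    expires: str      # seconds since epoch, "" if it never expires


def certifications_by(colon_output, signer_keyid):
    """Return the signer's certifications, each tied to the uid record it follows."""
    certs, uid = [], None
    for line in colon_output.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sub"):
            uid = None  # signatures following these records are not on a user ID
        elif f[0] == "uid":
            uid = f[9]
        elif f[0] == "sig" and uid and f[4] == signer_keyid.upper():
            sig_class, flag = f[10][:2], f[10][2:3]
            if sig_class in CERT_CLASSES:
                certs.append(Cert(uid, flag == "x", f[6]))
    return certs


def mismatches(cert, exportable, expires=""):
    """List the properties on which an existing certification differs from the wanted one."""
    diff = []
    if cert.exportable != exportable:
        diff.append("exportable")
    if cert.expires != expires:
        diff.append("expires")
    return diff


if __name__ == "__main__":
    for c in certifications_by(SAMPLE, "1234567890123456"):
        print(c, "differs from local/no-expiry on:", mismatches(c, exportable=False))
```

Notations are not covered here; the example only reads exportability and expiration from the `sig` record.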

For the record, in my original message I asked about adding self-signatures.

From what I can see it seems --quick-sign-key could be used for that purpose but it looks like the operation fails because of the issue described by @dkg:

$ gpg --set-notation x@y.com=a --quick-sign-key FB66ACD7A3AB75E513C0A07EC9F3E75D8AEC54C3
"Testington <test@test>" was already signed by key C9F3E75D8AEC54C3
Nothing to sign with key C9F3E75D8AEC54C3
gpg: Key not changed so no update needed.

There is another problem: Even if the first certification was revoked, trying to add a new certification with --quick-sign-key fails because '"user id" was already signed by key ...'

werner edited projects, added gnupg (gpg22); removed gnupg. Oct 29 2020, 4:39 PM
werner added a subscriber: werner.

Indeed we need to fix/enhance this to make testing of --quick-revoke-sig easier. See over at T5093.

werner raised the priority of this task from Normal to High. Tue, Jan 12, 8:04 AM