dkg at fifthhorseman
Jul 24, 2012, 7:08 AM
Post #2 of 5
On 07/24/2012 09:58 AM, vedaal [at] nym wrote:
> Recently added a uid and deleted a uid to one of my keys.
> Found that to add a uid, gnupg asks for the passphrase, but to
> delete a uid, it does not.
> (Doesn't really matter much, since the secret key is required for
> but was curious if there is any underlying reason why gnupg does it
> this way.)
possession of the secret key is not required for deluid, actually.
look at it this way:
deluid is just an edit of your local keyring -- it removes a handful of
packets (note that if the key is already on the public keyservers or
someone else has a copy, they will still have the user ID that you deleted).
adduid, on the other hand, requires the creation of a new cryptographic
signature: the self-sig made by the primary key over the user ID. To
create this self-sig, gpg needs access to the secret key material for
the associated primary key.
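To make the "deluid is just a packet edit" point concrete, here is an added example that is not part of dkg's post or of GnuPG: a small RFC 4880 packet walker over a constructed keyring (placeholder bodies stand in for real key and signature material, and the helper names `encode_packet`, `parse_packets`, `deluid` are this example's own). Removing a user ID is pure packet surgery, so no signing and no secret key is involved; adding one would require a genuine self-signature, which this example deliberately does not produce.

```python
"""Toy OpenPGP packet walker showing why 'deluid' needs no secret key.

Packet framing follows RFC 4880 section 4.2 (old- and new-format headers;
partial-body lengths are not supported). Packet BODIES are constructed
placeholders, not real key material or real signatures.
"""

# RFC 4880 packet tags that appear in a public keyring
TAG_SIGNATURE = 2
TAG_PUBLIC_KEY = 6
TAG_USER_ID = 13
TAG_PUBLIC_SUBKEY = 14


def encode_packet(tag, body):
    """Serialize one packet with a new-format header (RFC 4880 4.2.2)."""
    n = len(body)
    if n < 192:
        length = bytes([n])
    elif n < 8384:
        n2 = n - 192
        length = bytes([(n2 >> 8) + 192, n2 & 0xFF])
    else:
        length = b"\xff" + n.to_bytes(4, "big")
    return bytes([0xC0 | tag]) + length + body


def parse_packets(data):
    """Return a list of (tag, body) pairs for concatenated OpenPGP packets."""
    pos = 0
    packets = []
    while pos < len(data):
        ctb = data[pos]
        if not ctb & 0x80:
            raise ValueError("bit 7 of the packet tag byte must be set")
        pos += 1
        if ctb & 0x40:  # new-format header
            tag = ctb & 0x3F
            first = data[pos]
            pos += 1
            if first < 192:
                n = first
            elif first < 224:
                n = ((first - 192) << 8) + data[pos] + 192
                pos += 1
            elif first == 255:
                n = int.from_bytes(data[pos:pos + 4], "big")
                pos += 4
            else:
                raise ValueError("partial body lengths not supported here")
        else:  # old-format header
            tag = (ctb >> 2) & 0x0F
            ltype = ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not supported here")
            width = (1, 2, 4)[ltype]
            n = int.from_bytes(data[pos:pos + width], "big")
            pos += width
        if pos + n > len(data):
            raise ValueError("truncated packet")
        packets.append((tag, data[pos:pos + n]))
        pos += n
    return packets


def list_user_ids(keyring):
    return [body.decode() for tag, body in parse_packets(keyring) if tag == TAG_USER_ID]


def deluid(keyring, uid):
    """Drop one User ID packet plus the signature packets bound to it.

    This is only a local keyring edit: nothing is signed, so the secret key
    is never needed. Copies of the key held elsewhere keep the user ID.
    """
    kept = []
    dropping = False
    for tag, body in parse_packets(keyring):
        if tag == TAG_USER_ID:
            dropping = body.decode() == uid
            if dropping:
                continue
        elif tag == TAG_SIGNATURE and dropping:
            continue  # self-sig or certification over the removed user ID
        else:
            dropping = False  # subkey, key packet, etc. ends the UID's sig run
        kept.append((tag, body))
    return b"".join(encode_packet(t, b) for t, b in kept)


def build_sample_keyring():
    """Constructed sample keyring; every body is a placeholder string."""
    return b"".join([
        encode_packet(TAG_PUBLIC_KEY, b"<primary key placeholder>"),
        encode_packet(TAG_USER_ID, b"Alice <alice@example.com>"),
        encode_packet(TAG_SIGNATURE, b"<self-sig placeholder>"),
        encode_packet(TAG_USER_ID, b"Alice (old job) <alice@old.example.com>"),
        encode_packet(TAG_SIGNATURE, b"<self-sig placeholder>"),
        encode_packet(TAG_SIGNATURE, b"<third-party certification placeholder>"),
        encode_packet(TAG_PUBLIC_SUBKEY, b"<subkey placeholder>"),
        encode_packet(TAG_SIGNATURE, b"<subkey binding sig placeholder>"),
    ])


if __name__ == "__main__":
    ring = build_sample_keyring()
    trimmed = deluid(ring, "Alice (old job) <alice@old.example.com>")
    print(list_user_ids(ring), "->", list_user_ids(trimmed))
    print(len(parse_packets(ring)), "packets ->", len(parse_packets(trimmed)))
```

Against a real key you would see the same shape with `gpg --list-packets` on the exported public key: a user ID packet followed by its self-signature, and `deluid` simply stops emitting that pair. Note that the sig packets are dropped, not replaced by a revocation, which is why the deleted user ID remains valid on any copy that was already distributed.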