GitHub Community
Unverified Commits when Using GPG subkey
#82180
-
Select Topic AreaQuestion BodyHello, I have a GPG key I'm using on my main machine for signing code. Since I have less trust on my server (theoretically, the VPS provider could have access to them, even though it's a legit company), I decided to create a subkey with a shorter expire date to use into that server. Theoretically, if I'm not mistaken, the same public key should be enough to identify signatures made by both the main key and its subkeys. However, I am getting an "Unverified Signatie" anyway (I checked the signature using What should I do? I have found a seemingly (to me) problem on #59941 but the solution found by the user doesn't make any sense for my problem. |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments
-
|
I just found the answer to my question on a The proposed solution is to delete and upload I have previously tried to just add the updated Is this possibly a bug? Shall I report it? At |
Beta Was this translation helpful? Give feedback.
-
|
I encountered the same problem when using the newly generated GPG key. The reason is that I exported and uploaded the public key before adding the subkey, When I re-uploaded the new public key information, the problem was resolved. |
Beta Was this translation helpful? Give feedback.
I just found the answer to my question on a
Stack Overflow
question.
The proposed solution is to delete and upload
again the updated key. It works.
I have previously tried to just add the updated
key and it said I couldn't because the key
was already there.
Is this possibly a bug? Shall I report it? At
least as an enhancement, I guess. The
interface could have detected the key already
added was just outdated and offer the option
to update the old one instead, or something
else more user-friendly.