Why doesn't split GPG allow certification of keys

Prior to using Qubes, I was using PGP with a hardware key as the ultimate trust. I used the key certification this way: once I have gained enough confidence about some public key I downloaded online, I will certify (sign) it with my PGP key on the hardware key.

Now that I moved to Qubes, I found that split-gpg 1 and 2 specifically forbids this usage. Why? The documentation didn’t discuss at length, only stating that

Therefore, it cannot differentiate between e.g. signatures of a piece of data or signatures of another key.

But why is that a problem? I can understand that, if the OS in which gpg is invoked is compromised, then gpg can be altered to always support signed key regardless of whether it’s genuine. But we have the public key with the signature as data, and we have an hypothetically uncompromised private key protected air-gapped. Thus, we can always move the data to another machine and verify there, which is very easy in Qubes: just open a new qube and check the key certification there; and the compromised VM can’t fake that, under the hypothesis that the private key is protected.

Therefore, I don’t understand the incentive behind the prohibition of key certification, and hope to discuss it.

Thanks in advance.

Moreover, I also want to discuss that, if there’s a decent reason to forbid this usage, then how should we do this alternatively, certifying keys with an ultimate private key airgapped?

I can think of one alterntive: after we are confident enough about some public key we downloaded, instead of certifying it, we record its hash (Fingerprint) maually in the air-gapped vault Qube. However, this of course is rather error-prone, and it’s perhaps easier than we think to forge data of similar hash (e.g. only a few characters different from the target hash, or only the same first several characters).

Just to clarify :
Are you saying the issue is you can not use your hardware key with Qubes?

Which is a topic I am interested in.

Or there is a problem doing key verification with split gpg?

I do no-t use Split-gpg.

3 posts were split to a new topic: Using PGP with harware key in dom0

Would it be a good idea to export a key I want to certify into vault Qube, and export the certified out? Could a vulnerability of gpg be used to compromise the vault Qube? It seems a bad idea to me.